1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

25 commits

Author SHA1 Message Date
Alex Samorukov
ebbc3a0e27
Add ability to use RetrySettings in the VaultDynamicSecret generator (#4076)
Signed-off-by: Oleksij Samorukov <samm@net-art.cz>
2024-11-07 07:58:23 +01:00
Gergely Brautigam
d4d4f4bc4b
feat: add AWS STS Session token generator (#4041)
* feat: add AWS STS Session token generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* version update for the generated CRD

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-05 13:22:00 +01:00
Konradas Bunikis
c51ad8d98f
feat: Support repositories and permissions in GitHub generator (#4039)
* feat: Support repositories and permissions in GitHub generator

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo ommited->omitted

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize http req body

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize body var usage

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo marshalling->marshaling

Signed-off-by: konradasb <konradasb0@gmail.com>

---------

Signed-off-by: konradasb <konradasb0@gmail.com>
2024-10-28 12:02:06 +01:00
Alexander Schaber
f73187dabb
New Generator for UUIDs (#3296)
* feat(generator/uuid): initial version

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename symbols in compliance with lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename unused vars to `_` to fix lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* docs(generator/uuid): initial documentation for uuid generator

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

---------

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
2024-09-08 19:54:47 +02:00
Gergely Brautigam
a5ddd97c21
chore: update go version of the project to 1.23 (#3829)
* chore: update go version of the project to 1.23

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fixed an absurd amount of linter issues

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-26 11:10:58 +02:00
Gergely Brautigam
82d419e2ee
feat: add CAProvider to Bitwarden provider (#3699)
* feat: add CAProvider to bitwarden

This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactored the Kubernetes provider to use create ca

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactor webhook, vault and kubernetes provider

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* rename CreateCACert to FetchCACertFromSource

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* addressed comments and autodecoding base64 data

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* check if the decoded value is a valid certificate

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-16 12:32:35 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files (#3578)
* Update generators.external-secrets.io_githubaccesstokens.yaml

Fixes https://github.com/external-secrets/external-secrets/issues/3556

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator_github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator-github.yaml

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github_test.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* fix: rename property

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Shuhei Kitagawa
43a7a16baf
Update Go and golangci-lint version (#3396)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-25 06:36:11 -03:00
Michael Serchenia
84731616f4
GitHub provider (supersedes #3014) (#3115)
* github provider signed, supersedes #3014

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* tests pass, + crd + docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* fix sonarLint alert

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* refactoring, replace secretStore with generator

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* cosmetics + tst + lint pass

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* clean-up + lint + test

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* small refactor, fix issues left in comments

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

---------

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-04-03 09:19:57 +02:00
Marco Singer
983488ca57
feat(generator/webhook): Improve error message (#3190)
Signed-off-by: Marco Singer <marcosinger@users.noreply.github.com>
2024-02-28 09:23:08 +09:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator (#3121)
* adding webhook generators

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bumping bundle

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* linting

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fixing copy-paste error

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* common webhook functions

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* removing duplicates. Adding tests for generator

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-02-17 06:49:31 -03:00
Moritz Johner
d246c2e082
🧹 refactor vault provider (#3072)
* chore: split monolith into separate files

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: add tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: rename vault/auth_iam vars

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fixup: remove string duplication

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-31 22:03:32 +01:00
Moritz Johner
26f9c3f1f4
chore: refactor/centralise secretKeyRef usage (#3022)
* chore: refactor/centralise secretKeyRef usage

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-21 08:19:57 +01:00
Moritz Johner
2b2661ebc2
fix: use service management endpoint for ACR when using WI (#2913)
The `scope` parameter used to be the ACR url foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-11-30 00:02:28 +01:00
Moritz Johner
c5fa8d81a6
fix: webhook support more types when parsing response (#2899)
* fix: support more types in webhook response

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: properly decode json

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update pkg/provider/webhook/webhook.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update pkg/provider/webhook/webhook.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* fix: expose errors

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-11-25 08:53:30 +01:00
Moritz Johner
416deb3303
chore: bump dependencies (#2568)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-08-02 21:42:03 +02:00
Moritz Johner
593eb13999
feat: allow to get auth data from vault response (#2325)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 10:00:41 +02:00
Moritz Johner
bbddc6f902
fix: nil check parameters (#2321)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-16 08:17:01 +02:00
Gustavo Fernandes de Carvalho
1cf7c3a6e3
🧹 Bumping GolangciLint version and fixing lint issues (#2304)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-05-12 05:11:33 -03:00
azert9
f181500e98
Feature/scaleway provider (#2086)
* wip: basic structure of scaleway provider

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: add some tests for GetAllSecrets

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: implement PushSecret

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: improved test fixtures

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: allow finding secrets by project using the path property

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: add delete secret method

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* Delete dupplicate of push remote ref test implem

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: add capability to use a secret for configuring access token

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: implement GetSecretMap

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: filtering by name and projetc id

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: add test for finding secret by name regexp

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: config validation

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* fix: handle situation where no namespace is specified and we cannot provide a default

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: reference secrets by id or name

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* fix: invalid request caused by pagination handling

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: log the error when failing to access secret version

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* fix: pass context to sdk where missing

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: add a cache for reducing AccessSecretVersion() calls

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* refacto: use GetSecret with name instead of ListSecrets

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: allow using secret name in ExternalSecrets

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: use latest_enabled instead of latest

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* refacto: optimized PushSecret and improved its test coverage

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* fix: doesConfigDependOnNamespace was always true

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: use new api with refactored name-based endpoints

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* remove useless todo

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* fix: use secret names as key for GetAllSecrets

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: support gjson propery lookup

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: e2e tests

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: e2e test using secret to store api key

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: cleanup left over resources on the secret manager before each e2e run

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* doc: add doc for scaleway provider

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* refacto: fix lint issues

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* test: cleanup code in e2e was commented

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: the previous version is disabled when we push to a secret

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* doc: add comments to ScalewayProvider struct to point to console and doc

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>

* feat: add missing e2e env vars for scaleway

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* docs: add scaleway to support/stability table

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-03-16 01:03:52 +01:00
Kristián Leško
1eca34c94d
feat: Vault dynamic secrets Generator (#2074)
* feat: Vault dynamic secrets Generator

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>

* Update pkg/provider/vault/vault.go

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: Vault dynamic secrets Generator

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>

* Update pkg/provider/vault/vault.go

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* fix: linter

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-03-13 16:31:10 +01:00
Moritz Johner
2acc637106
fix: pass tenantID correctly to acr generator (#2010)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-14 21:57:31 +00:00
Gustavo Fernandes de Carvalho
ed173dcf77
chore: bumps (#1852)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-03 22:11:59 +01:00
Gustavo Fernandes de Carvalho
d1fa28532d
🧹 chore: bumping versions (#1688)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2022-10-31 06:54:52 -03:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-10-29 20:15:50 +02:00