external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
eso-service-account-app[bot]	5967b70653	update dependencies (#2922 ) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>	2023-12-04 19:16:33 +01:00
Kiyofumi Sano	2f043ecaed	Signed-off-by: Kiyo510 <miraishida00510@gmail.com> (#2919 ) typo: ref:#2917 Fix typo in ExtermalSecretRewriteTransform	2023-12-02 14:53:11 +01:00
Victor Santos	3599384660	feat(fake): deprecate ValueMap to use Value instead (#2884 )	2023-12-02 06:57:48 +09:00
Tal Asulin	2441ad547b	Feat/Adding support for PushSecret using HashiCorp Vault KV v1 (#2879 ) * feat: init pushsecret support for vault kv1 Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * feat: update delete secret to support vault kv1 Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * test: adding unit tests for deletesecret for vault v1 coverage Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * docs: adding a note for describing the potential risk of using kv1 with pushsecret Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * feat: removing white spaces Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * feat: removing white spaces Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * chore: reverting buildMetadataPath changes as they are not called from v1 logic Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * feat: add custom metadata to vault v1 secrets Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * docs: adjusting documentation for supporting vault kv v1 Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * docs: adjusting documentation for supporting vault kv v1 Signed-off-by: talasulin <tal.asulin@appsflyer.comn> * Update docs/provider/hashicorp-vault.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Tal Asulin <tallin900@gmail.com> Signed-off-by: talasulin <tal.asulin@appsflyer.comn> --------- Signed-off-by: talasulin <tal.asulin@appsflyer.comn> Signed-off-by: Tal Asulin <tallin900@gmail.com> Co-authored-by: talasulin <tal.asulin@appsflyer.comn> Co-authored-by: tal-asulin <tal-asulin@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2023-11-30 04:51:30 -03:00
Moritz Johner	2b2661ebc2	fix: use service management endpoint for ACR when using WI (#2913 ) The `scope` parameter used to be the ACR url foobar.azurecr.io, but this stopped working. Turns out that you need to use the management endpoint as `scope` in order to authenticate with ACR. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-30 00:02:28 +01:00
Sebastián Gómez	15b68cc722	chore: remove references to Prometheus in Helm chart (#2814 ) Remove references to deprecated prometheus values. Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-29 23:46:55 +01:00
Petter Abrahamsson	eea369578d	fix: Small typo in the 'templateFrom' guide (#2912 ) Signed-off-by: Petter Abrahamsson <pabraham@redhat.com>	2023-11-29 21:48:08 +01:00
eso-service-account-app[bot]	c2957067fc	chore: update dependencies (#2903 ) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * chore: bump deps Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-29 20:45:52 +01:00
Ryan Arnold	8fd952c6e7	Docs: Add details on how to use FilterPEM function (#2893 ) * Docs - add note clarifying how to use filterpem for future readers Signed-off-by: arnoldrw <arnold.rw@pg.com> * Update docs/guides/templating.md Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com> --------- Signed-off-by: arnoldrw <arnold.rw@pg.com> Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>	2023-11-29 20:37:13 +01:00
Shuhei Kitagawa	632f1bba28	Stop deleting all the Secret metadata (#2900 ) Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-11-28 06:22:41 -03:00
Mateusz Łoskot	4acf82f23c	docs: Recommend use of Workload Identity for Azure Key Vault (#2906 ) * docs: Recommend use of Workload Identity for Azure Key Vault Mentions AAD Pod Identity is deprecated and updates overview of supported authentication modes for Azure Key Vault. This removes "should use aad-pod-identity" wording, see https://github.com/external-secrets/external-secrets/discussions/2901 Signed-off-by: Mateusz Łoskot <mateusz@loskot.net> * docs: Fix missing link to Multi-Tenancy Guide Signed-off-by: Mateusz Łoskot <mateusz@loskot.net> * docs: Fix typos Capitalise own names. Signed-off-by: Mateusz Łoskot <mateusz@loskot.net> --------- Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>	2023-11-27 14:15:05 -03:00
Moritz Johner	c5fa8d81a6	fix: `webhook` support more types when parsing response (#2899 ) * fix: support more types in webhook response Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: properly decode json Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update pkg/provider/webhook/webhook.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update pkg/provider/webhook/webhook.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: expose errors Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>	2023-11-25 08:53:30 +01:00
Moritz Johner	74897535d2	feat: add PushSecret generator design (#2665 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-22 21:45:55 +00:00
Gergely Brautigam	3fbe318582	feat: allow pushing the whole secret to the provider (#2862 ) * feat: allow pushing the whole secret to the provider Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add documentation about pushing a whole secret Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * disabling this feature for the rest of the providers for now Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * added scenario for update with existing property Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>	2023-11-21 22:00:21 +01:00
eso-service-account-app[bot]	431aef844d	update dependencies (#2890 ) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>	2023-11-20 11:43:16 +01:00
dependabot[bot]	ae258f0dcd	chore(deps): bump actions/github-script from 6 to 7 (#2889 ) Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-20 10:08:26 +01:00
Lakhan Jindam	325f36e47d	add validations for the remaining enum values (#2860 ) * add validations for the remaining enum values Signed-off-by: lakhan jindam <lakhanj569@gmail.com> * generate crd configs using make reviewable cmd and address review comments Signed-off-by: lakhan jindam <lakhanj569@gmail.com> --------- Signed-off-by: lakhan jindam <lakhanj569@gmail.com>	2023-11-18 19:55:39 -03:00
Victor Santos	6458048c62	docs: fix deprecation policy typo (#2875 ) Signed-off-by: Victor Santos <vsantos.py@gmail.com>	2023-11-15 13:42:35 +01:00
visokoo	2e4067ed3f	docs: remove additional space in dockercreds example that causes the last curly brace to be removed (#2877 ) Signed-off-by: Vivian Ta <ta.vivian@gmail.com>	2023-11-15 13:41:47 +01:00
Yonatan Koren	d42e19dc70	feat: AWS SecretsManager Config (allow ForceDeleteWithoutRecovery for PushSecret) (#2854 ) * Add secretsmanager config. Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com> * Fix unit tests. Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com> * Update docs, fix validation, tests. Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com> * Fix grammatical error in attribute descriptions. Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com> * Improve API docs for SecretsManager. Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com> --------- Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>	2023-11-14 18:44:22 -03:00
dependabot[bot]	c648b19f79	chore(deps): bump golang from 1.21.3-alpine to 1.21.4-alpine (#2870 ) Bumps golang from 1.21.3-alpine to 1.21.4-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-13 21:02:28 +01:00
Roger	80f780a8fa	bump 0.9.9 (#2872 ) Signed-off-by: rogertuma <tumaroger@gmail.com>	2023-11-13 16:05:17 -03:00
Lucas Severo Alves	beabdb2f28	Update PAUL.yaml to include roger (#2873 )	2023-11-13 19:38:38 +01:00
Shuhei Kitagawa	8b0fa87f30	Validate data or dataFrom existence (#2867 ) Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-11-11 08:28:16 +09:00
Lucas Pimentel Quintao	92d8210221	feat: update dataFrom with use of generator (#2793 ) * feat: adds example extract/find use case to dataFrom example Signed-off-by: Lucas Pimentel Quintao <lucaspimentel123@users.noreply.github.com>	2023-11-09 23:31:50 +01:00
Shuhei Kitagawa	c9b3f97425	Refactor the PushSecret interface (#2859 ) Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-11-08 06:47:13 +09:00
Moritz Johner	f5cd6816aa	feat: fix cert-controller readiness probe (#2857 ) readiness probes are being executed independently from the leader election status. The current implementation depends on leader election (client cache etc.) to run properly. This commit fixes that by short-circuiting the readiness probes when the mgr is not the leader. This bug surfaces when `leader-election=true` and cert-controller `replicas>=2`. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-07 09:51:27 +01:00
Shuhei Kitagawa	e0c1d93f9b	Support GetAllSecrets for the fake provider (#2844 ) * Support GetAllSecrets for the fake provider Signed-off-by: shuheiktgw <s-kitagawa@mercari.com> * Stop reassigning map keys Signed-off-by: shuheiktgw <s-kitagawa@mercari.com> * Use a single loop to construct the dataMap Signed-off-by: shuheiktgw <s-kitagawa@mercari.com> --------- Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-11-07 09:48:49 +09:00
Thomas	a15b146165	fix: add missing omitempty json tags for optional fields (#2855 ) The missing tags can confuse some tools. Fixes: #2853 Signed-off-by: Thomas Way <thomas@6f.io>	2023-11-06 21:54:44 +01:00
dependabot[bot]	2bf34ecaae	chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.6.1 (#2849 ) * chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.6.1 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.3.1 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.3.1...v2.6.1) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: remove comment regarding upstream issue Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-06 20:40:56 +01:00
Yonatan Koren	f78009a0ae	Add Codefresh as an adopter. (#2856 ) Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>	2023-11-06 19:25:03 +01:00
dependabot[bot]	a9d70527b3	chore(deps): bump helm/chart-releaser-action from 1.5.0 to 1.6.0 (#2848 ) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-06 15:15:29 +01:00
eso-service-account-app[bot]	e51d1a82a2	update dependencies (#2850 ) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>	2023-11-06 15:08:05 +01:00
Anders Swanson	f4a7c95b54	feat: Oracle PushSecret & find implementation (#2840 ) Signed-off-by: anders-swanson <anders.swanson@oracle.com>	2023-11-03 21:42:27 +01:00
Charl Klein	06301854d0	docs: - Minor Note to assist future readers (#2839 ) Signed-off-by: CharlKlein <19486531+CharlKlein@users.noreply.github.com>	2023-11-02 20:36:09 +01:00
Moritz Johner	9ff86eab51	fix: remove sourceRef.generatorRef from .data[] (#2735 ) fix: deprecate sourceRef.generatorRef from .data[] A generator is supposed to be used via .dataFrom[]. Usage in .data[] is not implemented and doesn't make sense, see #2720. This commit splits the SourceRef into two types: - one that only defines a secretStoreRef - one that allows to define either secretStoreRef or generatorRef The former is used in .data[] and the latter is used in .dataFrom[]. The Deprecated field is going to be removed with v1. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-11-02 14:37:59 +01:00
Moritz Johner	22ca0ad35d	feat: add design doc for PushSecret `updatePolicy` (#2664 ) feat: add pushsecret updatePolicy design doc Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2023-11-02 10:22:54 +01:00
Gergely Brautigam	8f3cd55191	ref: cleanup condition handling for objects (#2829 ) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>	2023-11-02 10:19:03 +01:00
Anders Swanson	8dd934ceed	feat: Oracle provider service account masquerade (#2817 ) * feat: Oracle provider service account masquerade Signed-off-by: anders-swanson <anders.swanson@oracle.com>	2023-11-02 08:34:18 +01:00
Minho Ryang	99194e0237	feat: k8s provider can handle all types of secret, fix #2709 (#2792 ) Signed-off-by: Minho Ryang <minho@comcom.ai>	2023-11-01 22:42:49 +01:00
Moritz Johner	caa0acd5cc	fix: wrap errors in data[] (#2834 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: HamzaMasood1 <hamzamasood183@gmail.com>	2023-11-01 22:31:56 +01:00
Shuhei Kitagawa	c90c53b031	Let setup-go handle go module cache (#2828 ) Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-11-01 16:54:27 +01:00
Moritz Johner	22bb26cfa1	chore: release 0.9.8 (#2826 ) also downgrade `chart-testing-action`: CI pipeline [1] fails with "Unable to validate cosign version v2.0.0". That is because the v2.0.0 bootstrap version [2] is not accessible any more, it either got deleted or permissions got changed. [1] https://github.com/external-secrets/external-secrets/actions/runs/6705828636/job/18221053949?pr=2826 [2] https://storage.googleapis.com/cosign-releases/v2.0.0/cosign-linux-amd64 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-10-31 13:42:55 +01:00
Moritz Johner	c5d647bae1	feat: give @Skarlso maintainer permissions (#2823 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-10-30 13:49:34 +01:00
Shuhei Kitagawa	ff0ef2e6d9	Add validations for the enum values (#2819 ) Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>	2023-10-30 13:30:04 +01:00
eso-service-account-app[bot]	faac47d83c	update dependencies (#2822 ) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>	2023-10-30 13:20:26 +01:00
Moritz Johner	868c8ad2f1	chore: test e2e-managed & fixup docs (#2818 ) * fix: remove dead job * chore: mention azure managed tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-10-29 22:38:20 +01:00
Moritz Johner	51532ca8a1	feat: add AKS e2e managed (#2811 ) Migrate azure e2e tests to use the new TFC_* secrets which are provisioned through external-secrets/infrastructure. Also enable the use of `/ok-to-test-managed provider=azure` command to run e2e managed tests that verify integration with AKS and Azure Workload Identity (AZWI). Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-10-29 21:51:39 +01:00
Nícolas Roberto	8a60df68f7	add missing commands to the getting started guide (#2751 ) * add missing commands to the getting started guide Update "Create your first SecretStore" and "Create your first ExternalSecret" topics to be easy to understand Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com> Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com> * change nano command to echo command Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com> Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com> * fix changes in getting started file Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com> --------- Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com> Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com> Signed-off-by: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com> Co-authored-by: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>	2023-10-29 10:49:08 +09:00
Valentin Torikian	0c76b1ffd3	fix: requeue ExternalSecret based on delta to last refreshTime (#2815 ) * Fix skew between refreshInterval and refreshTime that can lead to skipped refresh when backend provider is slow to answer. See https://github.com/external-secrets/external-secrets/issues/2812. Signed-off-by: Valentin Torikian <vtorikian@upgrade.com>	2023-10-27 21:41:10 +02:00

1 2 3 4 5 ...

2558 commits