Alexander Schaber
f73187dabb
New Generator for UUIDs ( #3296 )
...
* feat(generator/uuid): initial version
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename symbols in compliance with lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename unused vars to `_` to fix lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* docs(generator/uuid): initial documentation for uuid generator
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
---------
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
2024-09-08 19:54:47 +02:00
eso-service-account-app[bot]
21f1dca82e
chore: update dependencies ( #3862 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* fix alibaba breaking things again
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* commit modified templates because of version increase
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-02 18:30:34 +02:00
eso-service-account-app[bot]
3414bd6428
chore: update dependencies ( #3815 )
2024-08-19 17:07:20 +02:00
Gergely Brautigam
82d419e2ee
feat: add CAProvider to Bitwarden provider ( #3699 )
...
* feat: add CAProvider to bitwarden
This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactored the Kubernetes provider to use create ca
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactor webhook, vault and kubernetes provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* rename CreateCACert to FetchCACertFromSource
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* addressed comments and autodecoding base64 data
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* check if the decoded value is a valid certificate
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-16 12:32:35 +02:00
btfhernandez
77f5d0ad91
feat: add beyondtrust provider ( #3683 )
...
* feat: add beyondtrust provider
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: edit go.mod and go.sum files
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: change test file name (provider_test.go)
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: solve PR comments
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: organize attributes in a higher hierarchy
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix sonar cloud issues and go.mod file conflicts
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix PR comments and apply table driven tests
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix PR comments
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix lint issues
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix lint issues on tests
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: run make fmt
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: apply camelCase to yaml attributes
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: solve go.mod file conflict
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: run make check-diff
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
---------
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
Signed-off-by: btfhernandez <133419363+btfhernandez@users.noreply.github.com>
2024-08-07 09:27:04 +02:00
Gergely Brautigam
8c709cfa43
feat: add prefix definition to all secret keys for aws parameter store ( #3718 )
...
* feat: add prefix definition to all secret keys for aws parameter store
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added a push secret test to verify called parameter has a prefix
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:07 +02:00
Engin Diri
4f62fb3963
feat: add PushSecret support for Pulumi ESC ( #3597 )
...
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-07-25 09:00:17 +02:00
abhinav1708
bdd0c7ec9a
support for adding headers in vault provider ( #3677 )
...
* support for vault headers
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* changes in crds bases for headers support
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* adding autogenerated files
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* removing extra---
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* adding headers before x-vault-Inconsistent
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* changing for lint pass
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
---------
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
2024-07-15 11:27:06 +02:00
Bill Hamilton
1876ff88d7
Add support for Delinea Secret Server ( #3468 )
...
* implements secretserver
Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
* bump to align e2e
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bump
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-10 14:32:17 -03:00
kaedwen
48cccaeded
add AuthRef to kubernetes provider fixes #3627 ( #3628 )
...
* add AuthRef to kubernetes provider fixes #3627
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* run make reviewable
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* fix validation for given authRef
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* refactor kubernetes provider auth
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* satisfy linter
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* add URL for kubernetes provider tests
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
---------
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
2024-07-01 23:31:10 +02:00
Gergely Brautigam
095537e6ad
feat: add bitwarden secret manager support ( #3603 )
2024-06-28 06:04:25 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files ( #3578 )
...
* Update generators.external-secrets.io_githubaccesstokens.yaml
Fixes https://github.com/external-secrets/external-secrets/issues/3556
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator_github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator-github.yaml
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github_test.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* fix: rename property
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Geoffrey MUSELLI
f74e08546c
Support glob for namespaces condition in ClusterSecretStore ( #2920 )
...
* feat(ClusterSecretStore): Support glob for conditions.namespaces
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix diff
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix code smell
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): First code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Second code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Generate
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix Sonar method complexity
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* addressed comments
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* renamed namedspacesregexes because it sounded funny
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-17 08:36:05 +02:00
Tsubasa Nagasawa
199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache ( #3588 )
...
* feat: Add component labels to custom resource definitions
Prerequisite for restricting the CRDs cached by Informer
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache
The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2024-06-16 12:52:10 +02:00
smcavallo
d29c001d37
Add device42 provider ( #3571 )
2024-06-14 06:04:19 +02:00
Akhil Mohan
ace1ff595f
Infisical provider ( #3477 )
...
* feat: added crds for infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: implemented infisical provider logic
Signed-off-by: = <akhilmhdh@gmail.com>
* fix: resolved broken doc building due to vault doc error
Signed-off-by: = <akhilmhdh@gmail.com>
* docs: added doc for infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* docs: fixed a warning in mkdocs on link
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved all lint issues
Signed-off-by: = <akhilmhdh@gmail.com>
* doc: removed k8s auth release banner from infisical doc
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: added support for property to infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: removed auth type and made implicit ordering of authentication based on feedback
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: support for referent authentication
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: added error for tag not supported in find
Signed-off-by: = <akhilmhdh@gmail.com>
* fix: resolved failing build
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: updated doc and added stability matrix for infisical
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: switched to less error prone use and revoke token strategy and added validate interface logic
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: code lint issue fixes
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved review comments for infisical client
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: improved test cases and resolved sonar issues
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved sonar suggestions
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved sonar suggestions for test const ids
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: store changes to assertError
Signed-off-by: = <akhilmhdh@gmail.com>
---------
Signed-off-by: = <akhilmhdh@gmail.com>
2024-06-11 22:27:31 +02:00
Gergely Brautigam
94c9a33a11
feat: add location to GCP push secret ( #3502 )
...
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-07 09:46:29 +02:00
eso-service-account-app[bot]
41057acaf2
chore: update dependencies ( #3513 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* fix: bump CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-05-25 21:42:52 +02:00
Luis Schweigard
0abb3e9cc4
Add support for Authentication against Azure Key Vault using Client Certificate ( #3469 )
...
* Implementation of Certificate Based Authz against Azure Key Vault
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add tests for new Azure certificate auth functionality
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add documentation for Azure Cert based Auth
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Generate spec.md
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add changes from code review
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Fix naming in test error case
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
---------
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
2024-05-13 08:40:50 -03:00
Tiago de Freitas Lima
e474043a7c
Add githubaccesstoken CRD to kustomization.yaml ( #3446 )
...
* Add githubaccesstoken CRD to kustomization.yaml
Signed-off-by: Tiago de Freitas Lima <tiago.lima@nubank.com.br>
* Update crd.generate script to update resources list from kustomization.yaml file
Signed-off-by: Tiago de Freitas Lima <tiago.lima@nubank.com.br>
---------
Signed-off-by: Tiago de Freitas Lima <tiago.lima@nubank.com.br>
2024-05-06 19:50:37 -03:00
eso-service-account-app[bot]
34b4ff10da
chore: update dependencies ( #3433 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* bump alibaba
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bump kube to 0.30
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-04-30 14:52:59 -03:00
Shuhei Kitagawa
9d17e34942
Refactor the SecretStore client manager ( #3419 )
...
* Refactor the SecretStore client manager
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Fix ineffectual assignment to err
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Update docs
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-29 05:15:21 -03:00
Mykhailo Zahlada
47cc50a9ed
Workloadidentity clientid from secret ref ( #3367 )
...
* updates documentation: extends workloadIdentity auth configuration
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* adds and updates tests
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* extends provider configuration to accept clientId and tenantId as auth SecretRef
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* updates service account example
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* updates docs
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
---------
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-18 05:09:53 -03:00
Thorben Below
432c6bf9ab
Feat: Add Passbolt Provider ( #3334 )
...
* add passbolt provider
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
* Fix: return err for unimplemented methods
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
---------
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
2024-04-18 09:58:25 +02:00
Shuhei Kitagawa
120fedf841
Add NamespaceSelectors field to ClusterExternalSecret ( #3268 )
...
https://github.com/external-secrets/external-secrets/issues/3257
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-05 08:35:08 +09:00
Rodrigo Fior Kuntzer
9ff2354213
fix: introducing support for conversion strategy for PushSecret. ( #3292 )
...
* fix: introducing support for conversion strategy for PushSecret.
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
* fix: unit tests code quality.
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
---------
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-04-04 16:31:28 +02:00
Michael Serchenia
84731616f4
GitHub provider (supersedes #3014 ) ( #3115 )
...
* github provider signed, supersedes #3014
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* tests pass, + crd + docs
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* fix sonarLint alert
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* refactoring, replace secretStore with generator
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* cosmetics + tst + lint pass
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* docs
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* clean-up + lint + test
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* small refactor, fix issues left in comments
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
---------
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-04-03 09:19:57 +02:00
Blair Drummond
731c0ed736
feat: add vault auth namespace option ( #3157 )
...
* feat: add vault auth namespace option
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* fix: appease the linter
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* feat: add tests for auth namespace
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* fix: add make reviewable output
Signed-off-by: Blair Drummond <blaird@liatrio.com>
---------
Signed-off-by: Blair Drummond <blaird@liatrio.com>
2024-03-27 07:23:34 +01:00
Sulfixx
e57e4b72ca
Integrate Passworddepot ( #2799 )
...
* PLAT-1179 | updated to beta1
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Updating External Secrets fixes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fix to Passworddepots-crds-generation
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | apiextensionsv1 removal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* Update apis/externalsecrets/v1beta1/secretstore_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* PLAT-1179 | Removed insecureverify and other fixes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fixed Linter and Sonar Issues
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fixed Typo in Passworddepot_api.go
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Resolved go.mod Conflict
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Resolved go.mod conflict typo
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | admission.Warnings error fix
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added nolint:bodyclose // linters bug
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Removed <= Head arrow from mkdocs.yml
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added Make Check-Diff Changes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Changed Error Package, Added Context, API Refactor
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added const DoRequestError to reduce Codesmell
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Moved defer body close func into ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Moved Status Check into ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Removed Response.body from ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* Update apis/externalsecrets/v1alpha1/secretstore_passworddepot_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* PLAT-1179 | Go mod tidy and Make generate
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added empty SecretExists Method
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Renamed unsed ctx to _
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
---------
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
Co-authored-by: Sören Rohweder <soeren.rohweder@fastleansmart.com>
Co-authored-by: Simon Becker <simon.becker@fastleansmart.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-03-12 13:33:08 +01:00
Carolin Dohmen
29e5f71d8b
Add PushSecret UpdatePolicy (to replace PR #3100 ) ( #3117 )
...
* Add PushSecret UpdatePolicy
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Adjust description of UpdatePolicy in PushSecret Spec
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Restructure PushSecret Status
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Refactor PushSecret controller method
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add missing methods for new providers
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add missing method to onboardbase client
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add docs on PushSecret UpdatePolicy
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Use constant for error message
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
---------
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
2024-03-08 11:17:31 +01:00
Shlomo Zalman Heigh
1d3209da59
Conjur E2E Tests for K8s JWT Authentication ( #3217 )
...
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
2024-03-01 17:36:19 +01:00
Aleem Isiaka
52f6655345
Onboardbase ( #2697 )
...
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Run decrypt with error
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Install deps
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Improved docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Improved docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Update hack/crd.generate.sh
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
* address issues with running the code
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* decrypt library into code
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add docs to onboardbase provider
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* refactor duplicates
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Address Issues with tests
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Address issues with delete policy and json secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Fix lint errors
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* error out when there is tags in the find field
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* execute delete request with the right data
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* ignore deletion policy
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* improve lint errors
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* remove cryptojs decrypt libs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Get secret value if property is set
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* run obb operator
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* 👌 IMPROVE: supports request deadline, esv1beta1 api updates
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* use same timeout
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix failing test
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add improve docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add improve docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
---------
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
Signed-off-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
Co-authored-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-02-29 21:28:17 +01:00
David Recuenco
af38fc68d5
ADD sdkms base implementation ( #3180 )
...
* ADD sdkms base implementation
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX get secret object by name, unmarshalling error formatting
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD suport for fortanix secret security objects
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD more tests for opaque, secret, new client
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX changes required by make reviewable
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD missing provider registration
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX remove unused error string, add generated assets
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
---------
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
2024-02-28 10:59:47 +01:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator ( #3121 )
...
* adding webhook generators
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bumping bundle
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* linting
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* fixing copy-paste error
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* common webhook functions
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* removing duplicates. Adding tests for generator
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* docs
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-02-17 06:49:31 -03:00
Engin Diri
dc9b5b7207
feat: add support for Pulumi ESC ( #2997 )
...
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-02-14 19:56:06 +01:00
Sourav Patnaik
a012f4829c
Implementation of Chef External Secrets Provider ( #3127 )
...
* Adding the details for chef provider secret store.
Issue: https://github.com/external-secrets/external-secrets/issues/2905
This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.
This commit also contains the auto generated CRDs using the `make generate` command.
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* Implementation for Chef ESO provided
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Added Documentation for Authentication
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* added documentation for Chef eso
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Updated chef ESO documentation
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* updated ValidateStore method signature
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* made changes in chef provider to satisfy 'make docs'
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* - updated code as per review comment, make reviewable suggestions
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* modified chef provider code as per review comment
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
---------
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Co-authored-by: Subroto Roy <subrotoroy007@gmail.com>
Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
2024-02-14 09:54:08 +01:00
eso-service-account-app[bot]
41cd1d36a4
chore: update dependencies ( #3065 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* fix: re-generate CRDs with new controller-runtime version
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-22 20:56:06 +01:00
Rodrigo Fior Kuntzer
31cecaa62b
feat: add support for Hashicorp Vault mTLS ( #3018 )
...
* feat: adding support for mTLS to the Vault provider
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-19 00:43:28 +01:00
Gergely Brautigam
d6e24a82bd
feat: add templating to PushSecret ( #2926 )
...
* feat: add templating to PushSecret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding unit tests around templating basic concepts and verifying output
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extracting some of the common functions of the parser
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove some more duplication
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removed commented out code segment
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added documentation for templating feature
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* simplified the templating for annotations and labels
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-12-22 21:45:34 +01:00
Victor Santos
3599384660
feat(fake): deprecate ValueMap to use Value instead ( #2884 )
2023-12-02 06:57:48 +09:00
Gergely Brautigam
3fbe318582
feat: allow pushing the whole secret to the provider ( #2862 )
...
* feat: allow pushing the whole secret to the provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add documentation about pushing a whole secret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* disabling this feature for the rest of the providers for now
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added scenario for update with existing property
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-11-21 22:00:21 +01:00
Lakhan Jindam
325f36e47d
add validations for the remaining enum values ( #2860 )
...
* add validations for the remaining enum values
Signed-off-by: lakhan jindam <lakhanj569@gmail.com>
* generate crd configs using make reviewable cmd and address review comments
Signed-off-by: lakhan jindam <lakhanj569@gmail.com>
---------
Signed-off-by: lakhan jindam <lakhanj569@gmail.com>
2023-11-18 19:55:39 -03:00
Yonatan Koren
d42e19dc70
feat: AWS SecretsManager Config (allow ForceDeleteWithoutRecovery for PushSecret) ( #2854 )
...
* Add secretsmanager config.
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
* Fix unit tests.
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
* Update docs, fix validation, tests.
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
* Fix grammatical error in attribute descriptions.
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
* Improve API docs for SecretsManager.
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
---------
Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
2023-11-14 18:44:22 -03:00
Anders Swanson
f4a7c95b54
feat: Oracle PushSecret & find implementation ( #2840 )
...
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
2023-11-03 21:42:27 +01:00
Moritz Johner
9ff86eab51
fix: remove sourceRef.generatorRef from .data[] ( #2735 )
...
fix: deprecate sourceRef.generatorRef from .data[]
A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720 .
This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef
The former is used in .data[] and the latter is used in .dataFrom[].
The Deprecated field is going to be removed with v1.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-11-02 14:37:59 +01:00
Anders Swanson
8dd934ceed
feat: Oracle provider service account masquerade ( #2817 )
...
* feat: Oracle provider service account masquerade
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
2023-11-02 08:34:18 +01:00
Shuhei Kitagawa
ff0ef2e6d9
Add validations for the enum values ( #2819 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-10-30 13:30:04 +01:00
Gergely Brautigam
7fbae000d6
feat: add namespace list selector to ClusterExternalSecrets ( #2803 )
...
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-10-25 13:58:05 +02:00
Sonny Alves Dias
0a0fd050c0
add directive to apply template on secret names ( #2802 )
...
Signed-off-by: Sonny Alves Dias <sonny.dias@superevilmegacorp.com>
2023-10-25 13:45:38 +02:00
Anders Swanson
b1bad77eb3
Oracle: Workload Identity authentication ( #2781 )
...
* Oracle: Workload Identity authentication
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
* Merge main
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
* Cleanup go.mod
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
* Lint
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
* Use mutex for environment variables
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
---------
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
Signed-off-by: Anders Swanson <91502735+anders-swanson@users.noreply.github.com>
2023-10-24 21:48:25 +02:00