Dominik Zeiger
f38f40a2b4
gitlab: support for CI/CD group variables ( #1692 )
...
* gitlab: support for ci/cd group variables
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
* gitlab: support for ci/cd group variables (automatically discover project groups)
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
* gitlab: support for ci/cd group variables (documentation)
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
2022-11-21 22:26:34 +01:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS ( #1539 )
...
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-10-29 20:15:50 +02:00
Yannay Hammer
14f5ddf198
Added namespace condition to ClusterSecretStore ( #1635 )
...
* Added namespace condition to ClusterSecretStore
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Added the new conditions field to the docs
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Added tests to ClusterSecretStore namespace conditions
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Added some comments to explain tests better
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Fixed a testcase
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Increased golangci timeout to 10m
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Fixed test to use fakeProvider correctly
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Removed hardcoded timeout from make lint
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Improved error message on non matching namespace
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Modified testCase to use GenericStore interface
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Attempt at generalizing the testcase and reducing code duplication
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* Reduced some diff
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
* fix: tidy e2e mod
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Yannay Hammer <yannayha@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Docs <docs@external-secrets.io>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-10-17 16:40:18 +02:00
dependabot[bot]
e9cc6b3d79
chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 ( #1581 )
...
* chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0
Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools ) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.9.2...v0.10.0 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix: re-generate CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-09-27 22:09:21 +02:00
Dominik Zeiger
fa38fe1e60
enable configuration of environment_scope for gitlab provider ( #1565 )
...
* enable configuration of environment_scope for gitlab provider
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
2022-09-27 22:08:38 +02:00
Ryan Blunden
f01e13f21b
Add Doppler provider ( #1573 )
...
* Add Doppler provider
Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>
2022-09-23 22:47:25 +02:00
renanaAkeyless
ed59520674
added akeyless k8s auth option ( #1531 )
...
* added akeyless k8s auth option
Signed-off-by: Docs <renana@akeyless.io>
2022-09-11 13:25:29 +02:00
dependabot[bot]
67fedc840e
✨ Kubernetes v1.24 upgrade ( #1345 )
...
* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime ) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* feat: bump kubernetes 1.24
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: backwards-compatible vault implementation
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: add audiences field to serviceAccountRef
This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: refactor kubernetes client to match provider/client interfaces
the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: deprecate expirationSeconds
expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: rename token fetch audiences field
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: generate CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-19 17:32:06 +02:00
Moritz Johner
2d20b5488e
feat: add azkv.environmentType ( #1469 )
...
users of USGovCloud, ChinaCloud, GermanCloud need slightly different
configuration for AADEndpoint and keyvault resource.
This is based on CSI Secret Store Azure KV driver,
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-18 00:12:44 +02:00
Helena Steck
2b5710d8d5
add missing default values for spec.target ( #1431 )
...
Add missing default values for ExternalSecretTarget on CRD definition
Fixes #1233
Signed-off-by: Helena Steck <steckhelena@gmail.com>
2022-08-08 21:27:13 +02:00
Gustavo Fernandes de Carvalho
b4e7acfaa9
✨ Implements dataFrom key rewrite ( #1381 )
...
* Implements dataFrom key rewrite
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* docs: add example to remove invalid characters
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-04 15:24:02 -03:00
dependabot[bot]
9c09b936b1
build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 ( #1322 )
...
* build(deps): bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2
Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools ) from 0.9.0 to 0.9.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.9.0...v0.9.2 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix: re-gen CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-07-28 22:39:24 +02:00
Moritz Johner
4affcb7345
🐛 Clarify CAProvider usage in struct annotations ( #1397 )
...
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-07-27 18:44:23 -03:00
Devin Buhl
1da44c7fb0
feat: add kustomization file to config/crds/bases folder ( #1274 )
...
* fix: add kustomization file to crds folder
This will allow for the CRDs to be installed into a Kubernetes cluster from a Kustomization, for example:
```yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/external-secrets/external-secrets//config/crds/bases?ref=v0.5.6
```
* fix: generate script
* fix: helm.generate
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-07-27 19:28:59 +02:00
Mike
fdf1f9ce6f
feat: Add support for container auth to IBM provider. ( #1177 )
2022-07-26 22:48:07 +02:00
Gareth Evans
7eff8db532
feat: additional columns for kubectl output ( #1359 )
2022-07-19 20:48:37 +02:00
Gustavo Fernandes de Carvalho
fa91ba0f6c
✨ Adds DecodingStrategy to ExternalSecrets ( #1294 )
...
Fixes #920
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-07-12 09:18:00 -03:00
Moritz Johner
cff9be1664
feat(kubernetes): allow service account auth ( #1201 )
...
* feat(kubernetes): allow service account auth
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-06-13 21:49:05 +02:00
Gustavo Carvalho
e3e7acb153
bump controller-tools,google-golang-api,google-golang-grpc versions
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-05-25 07:39:22 -03:00
paul-the-alien[bot]
1a6579b876
Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync
...
azkv tag feature
2022-05-20 15:51:50 +00:00
paul-the-alien[bot]
3de2cc8bee
Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager
...
Support for Yandex Certificate Manager
2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ
3256bc4b82
azkv tag feature
2022-05-16 16:49:34 +02:00
david amick
435aefc7ac
Add 1Password support
2022-05-08 17:01:26 -07:00
Docs
c73206b29c
Add senhasegura DSM provider
2022-05-02 13:28:18 -03:00
Gonzalo Servat
db7fd4a037
Fix casing on Gitlab
2022-04-28 21:43:42 +10:00
Docs
dc7df48cae
add support for Yandex Certificate Manager
2022-04-22 21:40:52 +03:00
Gustavo Carvalho
3bd0d2d04f
Making spec.target optional
...
fixes #996
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-04-20 13:27:13 -03:00
Merlin
4820cc9165
Ignore ExternalSecret processing if the store is not usuable (e.g.
...
NotReady).
2022-04-13 23:24:39 +02:00
Moritz Johner
c2bcceb057
feat: implement deletionPolicy ( #900 )
...
* feat: implement deletionPolicy
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>
2022-04-05 13:38:06 +02:00
Alfred Krohmer
d7022b1bef
feat(vault): add option for JWT backend to authenticate with Kubernetes service account token ( #768 )
2022-04-04 21:20:58 +02:00
Gustavo Carvalho
c779ef59e7
Marking v1alpha1 as deprecated.
...
Improving docs and menu order.
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-03-29 11:21:32 -03:00
Moritz Johner
cf7e3832ae
feat(azure): implement workload identity ( #738 )
...
* feat(azure): implement workload identity
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Henning Eggers <henning.eggers@inovex.de>
2022-03-22 21:59:01 +01:00
Docs
bdc5d9b378
fix: update CRDs
2022-03-20 09:34:03 +01:00
Daniel Hix
324c7def06
feat: implement ClusterExternalSecret ( #542 )
...
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-03-20 09:32:27 +01:00
Gustavo Carvalho
164e8776ec
Adding docs and implementing ConversionStrategy
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-03-09 06:59:54 -03:00
Gustavo Carvalho
2f23fd28ed
Adding GetAllSecrets for Hashicorp Vault
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-03-09 05:40:09 -03:00
paul-the-alien[bot]
439ecfaf9d
Merge pull request #783 from AtzeDeVries/allow-gcp-cross-project-secrets
...
GCP: allow cluster to be in different project
2022-03-09 10:03:20 +00:00
Atze de Vries
2f53ab8220
also make optional for v1beta1 and add note to docs
2022-03-03 19:35:38 +01:00
Atze de Vries
739043283c
make clusterProjectID omitemtpy
2022-03-02 18:03:45 +01:00
Atze de Vries
da47ad2cac
GCP: allow cluster to be in different project
2022-03-02 11:24:04 +01:00
Moritz Johner
8fc4484cc6
feat: implement validating webhook
...
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-03-01 21:25:15 +01:00
Moritz Johner
fb8f496204
Merge branch 'main' into feature/conversion-webhook
2022-02-23 08:15:03 +01:00
Gustavo Carvalho
40ec693479
Merge branch 'main' into feature/conversion-webhook
...
Fixed conflicts and implemented necessary changes for v1beta1
2022-02-16 16:00:32 -03:00
Gustavo Carvalho
1d8cfc4a12
Changed logic of Webhook check for certs.
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-14 15:46:10 -03:00
Gustavo Carvalho
23784803ff
Merge branch 'main' into feature/conversion-webhook
...
Updated Oracle provider new specs for v1beta1
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-10 16:55:37 -03:00
Gustavo Carvalho
fd9e09a1ee
WIP: Structured reconciliation loops for CRDs
...
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-10 14:12:13 -03:00