Skip to content
This repository was archived by the owner on Aug 4, 2025. It is now read-only.

update cloudant/external-secrets with external-secrets/external-secrets main branch#8

Merged
sourav977 merged 101 commits intocloudant:update-v0.7.2from
external-secrets:main
Feb 14, 2023
Merged

update cloudant/external-secrets with external-secrets/external-secrets main branch#8
sourav977 merged 101 commits intocloudant:update-v0.7.2from
external-secrets:main

Conversation

@sourav977
Copy link
Copy Markdown

@sourav977 sourav977 commented Feb 14, 2023

update cloudant/external-secrets with external-secrets/external-secrets main branch, v0.7.2

posquit0 and others added 30 commits October 26, 2022 20:16
@posquit0
Add DaangnPay to ADOPTERS.md (#1668)
e3e1cf0 
Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>

Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>
@gusfcarvalho
🐛 Implements new buildPath logic (#1636)
d5cc8b3 
Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
@moolen
fix: allow controller to delete delete externalsecrets (#1670)
411f03f 
When using ClusterExternalSecret the controller needs to delete
external-secret resources

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
feat: attach sbom/provenance files to GH release, fix clomonitor (#1656)
8cce1ad 
* feat: attach sbom/provenance files to GH release, fix clomonitor

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: remove codesee

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
chore: bump 0.6.1 (#1678)
2d5cb1b 
* chore: bump 0.6.1

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: increase timeout for azure/e2e test

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@sebagomez
Link to video was broken (#1680)
5debee4 
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
@moolen @gusfcarvalho
Feature: initial generator implementation + Github Actions OIDC/AWS (#…
dabfa5a 
…1539)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
🧹 chore: bumping versions (#1688)
d1fa285 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@domizei385 @gusfcarvalho
✨gitlab: getAllSecrets (#1681)
6ec0d2c 
* gitlab: getAllSecrets

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* Update pkg/provider/gitlab/gitlab.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: added some test coverage

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
@IdanAdar
🧹Update index.md (#1689)
36b3115 
Signed-off-by: Idan Adar <iadar@il.ibm.com>

Signed-off-by: Idan Adar <iadar@il.ibm.com>
@gusfcarvalho
🧹Bumping versions (#1708)
bd44958 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@Jeet-14
📚Update hashicorp-vault.md (#1690)
7f6ba97 
* Update hashicorp-vault.md

Vault with HA setup does not have kv engine enabled by default, have added step to enable kv engine with correct version and enabling version if already added.

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

* Update hashicorp-vault.md

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

* Update hashicorp-vault.md

Add comment on SecretStore.yaml

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

Signed-off-by: Jeet <jeetdesai2342@gmail.com>
@moolen
feat: bump deps (#1729)
a60a6d9 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@seonggwonyoon
Update getting-started.md (#1716)
f611a04 
Delete 1 whitespace

Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>

Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>
@dependabot @moolen
chore(deps): bump github.com/aws/aws-sdk-go from 1.44.141 to 1.44.142 (
b333422 
…#1730)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.141 to 1.44.142.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.44.141...v1.44.142)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
@domizei385
gitlab: support for CI/CD group variables (#1692)
f38f40a 
* gitlab: support for ci/cd group variables

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (automatically discover project groups)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (documentation)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
@moolen
chore: bump dependencies (#1741)
1ca002c 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
feat: add manual build trigger (#1742)
2ffdad7 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@christianhuening
Proposal Draft for Secret Generators (#1338)
063af87 
* Proposal Draft for Secret Generators

Signed-off-by: Christian Hüning <christian.huening@finleap.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
feat: add release manifests (#1728)
6fc6ba7 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
feat: fips compliant build using boringcrypto (#1731)
dd08a78 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@domizei385 @moolen
gitlab: support "environment_scope" tag for findAll (#1732)
b7100e2 
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
@stevenbressey
Feature: Add secret metadata templating from secret values (#1740)
b5be79d 
* handle template data for secret labels & annotations

Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>
@domizei385
gitlab: small documentation updates (#1747)
117e93b 
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
@gusfcarvalho
🧹chore: bumps (#1758)
d71e905 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
✨Feature/push secret (#1315)
0cb799b 
Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
@gusfcarvalho
Fixing release pipeline for boringssl (#1763)
8492c28 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
chore: bump 0.7.0-rc1 (#1765)
0e8f963 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@moolen
chore: improve naming in examples, regenerate api doc spec (#1746)
242a6ee 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@pascalwhoop
Update getallsecrets.md (#1774)
3c5d369 
typo

Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>

Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>
gusfcarvalho and others added 29 commits January 13, 2023 07:13
@gusfcarvalho
✨ Adds Keyvault PushSecret (#1883)
8336586 
* Adds Keyvault PushSecret

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@eminalemdar
Added my new blog post (#1909)
201e56f 
I've added my new blog post about Push Secret feature.

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
@moolen
✨ implement azure referent auth (#1886)
736b287 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@gusfcarvalho
🧹 chore: bumps (#1913)
a2518e4 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
🧹 chore: bumps (#1923)
a7d6224 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
🧹 chore: bumps (#1925)
b36e027 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@gusfcarvalho
🧹 bump: 0.7.2 (#1926)
19f297e 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@knelasevero
Update README.md (#1930)
47ea26f 
Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>
@a27kash @moolen
Set GOOS and GOARCH from TARGETPLATFORM (#1915)
5ab0277 
Removed hardcoded, single platform values for GOOS and GOARCH.
Set GOOS and GOARCH from TARGETPLATFORM to build multi-platform images.
Ref: https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
Ref: https://docs.docker.com/build/building/multi-platform/
Build a multi-platform image `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`

Signed-off-by: a27kash <a27kash@gmail.com>

Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
@gusfcarvalho
🐛 fixing image rebuild pipeline (#1934)
f2cdf38 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@0xDones
Update aws-parameter-store.md (#1931)
709db58 
Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>
@gusfcarvalho
✨ Feature/deletion policies (#1914)
769efdc 

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
@moolen
feat: make cache generic, refactor feature flags (#1640)
5ef3b23 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@garethjevans
📚 use more inclusive language (#1927)
ac9993f 
Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>
@titilambert
✨ Support template for webhook jsonpath (#1939)
6862c9c 
* Support template for webhook jsonpath

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
@titilambert
Add jsonpath filter support to webhook (#1940)
ff88395 
* Add jsonpath filter support to webhook

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix tests

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
@mycrEEpy
Fix wrong IAM permissions in docs for the AWS Parameter Store (#1949)
bde9f94 
Signed-off-by: Tobias Germer <tobias.germer@tui.com>
@moolen
🐛 no need to use cgo (#1935)
322f61d 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@gusfcarvalho @moolen
🐛 Fixing PushSecret CRD generation (#1967)
a1f8a8a 
* Fixing PushSecret CRD generation

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: increase hashicorp vault cache size to prevent eviction

Also remove tiny cache size from e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
feat: bump packages (#1976)
e0a9986 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@evertramos
Update full-cluster-secret-store.yaml (#1953)
fa3acc5 
Add Oracle provider

Signed-off-by: Evert Ramos <evert.ramos@gmail.com>
@moolen
🐛 remove ability to call env and expandenv in webhook (#1977)
6da8b96 
This allows an attacker to exfiltrate environment variables.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@mikhailadvani @moolen
✨ enhance ServiceMonitor configuration (#1973)
1aef142 
* Fix #1971

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* PR feedback

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* fix: generate helm docs

---------

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
@mhoyer @moolen
✨ add ability to configure revisionHistoryLimit in helm chart (#1979)
ea6cbe2 
* feat: add ability to configure `revisionHistoryLimit` for all Deployment resources of the helm chart

This enables to turn ReplicaSet revisions off completely, e.g. when deploying ExternalSecrets with GitOps approach.

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>

* fix: generate helm docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
@pepordev @gusfcarvalho @moolen
✨ add-keeper-security-provider (#1768)
c2054cc 
* add keepersecurity provider

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* 🧹chore: bumps (#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* ✨Feature/push secret (#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Fixing release pipeline for boringssl (#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* chore: bump 0.7.0-rc1 (#1765)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret first iteration

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret and updated documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* refactor client

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* update code and unit tests

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix custom fields

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* making it reviewable

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix custom field on secret map

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update docs/snippets/keepersecurity-push-secret.yaml

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fixed edge case, improved validation errors and updated docs

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix logic retrieving secrets

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update pkg/provider/keepersecurity/client.go

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* lint code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* linting code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* go linter fixed

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix crds and documentation

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
@moolen
🐛 fix panic when using jwt without secretRef/saRef (#1980)
e72f371 
Fixes #1957

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen
🧹 bump dependencies & regenerate CRDs (#1990)
731da81 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@sebagomez
Fixed broken link (#1992)
fe3c78d
@moolen
fix: fix validation method in kubernetes provider (#2000)
1e04177 
RBAC allows a user to define a wildcard `*` for a given field in the
Resource Rule. Prefix/Suffix matching or globbing is not supported,
just simple wildcards.
For example the cluster-admin role has a `*` on all
apiVersion/resource/verbs and hence validation would fail.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@sourav977 sourav977 merged commit 0ef36c3 into cloudant:update-v0.7.2 Feb 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.