
feat: make cache generic, refactor feature flags#1640

Merged
moolen merged 2 commits into main from mj-generic-cache
Jan 19, 2023

Conversation

@moolen
Member

@moolen moolen commented Oct 14, 2022

Fixes #1587

  1. make the vault/cache.go implementation generic so it can be used with different types.
  2. refactor feature flags into its own package to provide a provider the means to register CLI flags and to do late initialization (here: used to construct the cache)
  3. enable experimental feature flags and make controller run with concurrent=100 to catch concurrency bugs early

@moolen moolen force-pushed the mj-generic-cache branch 2 times, most recently from 21732a9 to 70310f1 Compare October 15, 2022 19:16
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (A)
  • Vulnerabilities: 0 (A)
  • Security Hotspots: 0 (A)
  • Code Smells: 1 (A)
  • Coverage: no information
  • Duplication: 0.0%

@moolen moolen marked this pull request as ready for review October 15, 2022 19:55
@moolen moolen changed the title from "WIP: feat: make cache generic, refactor feature flags" to "feat: make cache generic, refactor feature flags" Oct 15, 2022
```go
type Cache[T any] struct {
	lru         *lru.Cache
	size        int
	cleanupFunc cleanupFunc[T]
}
```
Member

We allow this mutator as a way to control what happens when the session expires, right? If that's so, wouldn't it be worth also foreseeing a Get mutator as a way to renew the lease and not allow it to expire? Not saying to implement it now, just to have it in mind.

Member Author

> when the session expires

Not when the session expires; it is called when the LRU reaches max capacity and evicts the least-recently-used item from the cache.

I see where you're heading with your questions; we can consider building something on top of this that provides session management capabilities.
But I'm not sure yet what that could look like (do we want to persist that somewhere? what happens when a controller restarts? etc.)
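The eviction semantics moolen describes above, as an added example (not the project's cache.go, which wraps hashicorp/golang-lru): a fixed-size generic LRU built on container/list whose cleanup func runs only when a full cache evicts its least-recently-used entry, while a Get refreshes recency and re-adding an existing key evicts nothing. The token type and Demo are constructed for this illustration.

```go
package main

import (
	"container/list"
	"fmt"
	"sync"
)

// CleanupFunc runs for the entry the cache drops when it is at capacity and
// a new key is added. It is an eviction hook, not a TTL/expiry hook.
type CleanupFunc[T any] func(key string, value T)

type entry[T any] struct {
	key   string
	value T
}

// Cache is a fixed-size generic LRU. Constructed for this example: container/list
// stands in for the hashicorp/golang-lru dependency so the code runs stand-alone.
type Cache[T any] struct {
	mu      sync.Mutex
	size    int
	ll      *list.List // front = most recently used
	items   map[string]*list.Element
	cleanup CleanupFunc[T]
}

// Must mirrors the cache.Must[*session.Session](1024, nil) call style on the page:
// a nil cleanup is allowed; a non-positive size would evict on every Add, so it panics.
func Must[T any](size int, cleanup CleanupFunc[T]) *Cache[T] {
	if size <= 0 {
		panic(fmt.Sprintf("cache size must be positive, got %d", size))
	}
	return &Cache[T]{size: size, ll: list.New(), items: make(map[string]*list.Element), cleanup: cleanup}
}

// Add inserts or updates a key. An update only refreshes recency and never
// triggers cleanup. It reports whether another entry was evicted.
func (c *Cache[T]) Add(key string, value T) bool {
	c.mu.Lock()
	if el, ok := c.items[key]; ok {
		c.ll.MoveToFront(el)
		el.Value.(*entry[T]).value = value
		c.mu.Unlock()
		return false
	}
	c.items[key] = c.ll.PushFront(&entry[T]{key: key, value: value})
	var evicted *entry[T]
	if c.ll.Len() > c.size {
		oldest := c.ll.Back()
		c.ll.Remove(oldest)
		evicted = oldest.Value.(*entry[T])
		delete(c.items, evicted.key)
	}
	c.mu.Unlock()
	// Run cleanup outside the lock: a slow cleanup (e.g. a revoke call to a
	// remote API) must not stall concurrent readers or deadlock on re-entry.
	if evicted != nil && c.cleanup != nil {
		c.cleanup(evicted.key, evicted.value)
	}
	return evicted != nil
}

// Get returns the cached value and marks it most recently used, so a hot
// entry is not the next eviction victim.
func (c *Cache[T]) Get(key string) (T, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	el, ok := c.items[key]
	if !ok {
		var zero T
		return zero, false
	}
	c.ll.MoveToFront(el)
	return el.Value.(*entry[T]).value, true
}

// token stands in for a cached client whose credential must be revoked when
// it leaves the cache (constructed type for this example).
type token struct{ ID string }

// Demo fills a size-2 cache with three tokens and returns the IDs whose
// cleanup ran: reading "a" before adding "c" makes "b" the eviction victim,
// and re-adding "a" is an update that evicts nothing.
func Demo() []string {
	var revoked []string
	c := Must[*token](2, func(_ string, t *token) { revoked = append(revoked, t.ID) })
	c.Add("a", &token{ID: "tok-a"})
	c.Add("b", &token{ID: "tok-b"})
	c.Get("a")
	c.Add("c", &token{ID: "tok-c"})
	c.Add("a", &token{ID: "tok-a2"})
	return revoked
}

func main() {
	fmt.Println(Demo()) // [tok-b]
}
```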

```go
limitations under the License.
*/

package cache
```
Member

@gusfcarvalho gusfcarvalho Jan 12, 2023

This PR was done before generators IIRC - having said that, I believe we do want to use the same caching mechanism for the generators (so I'm not sure we want to have feature and cache under the provider folder). WDYT?

Member Author

I moved it one level up into ./pkg; in fact, it is already used by the ecr generator.

```go
feature.Register(feature.Feature{
	Flags: fs,
})
sessionCache = cache.Must[*session.Session](1024, nil)
```
Member

@gusfcarvalho gusfcarvalho Jan 12, 2023

I think you've already taught me this, but we don't need to do a cleanup here because AWS does the cleanup for us after a fixed amount of time, right? 😅

Member Author

Revisiting this after a long time, I had to dig for this a bit:

  • yes, we don't need to clean that up. Session duration is 1-12h in AWS
  • in case the AWS session expires, the *session.Session will take care of renewing the credentials in the background. It is not needed with static credentials; it is done when using creds via a Kubernetes service account. The jwtProvider generates a new Kubernetes SA token: this process is automatic and happens in the background

Speaking of expiration and cleanup: there is an LRU-with-TTL PR in flight which looks very promising. It doesn't fit our needs 100%, but it looks like a very good starting point. We can consider building on top of an LRU with TTL which provides a way to define eviction/expiration/refresh callbacks so we can take care of renewing them in the background. But that's something for the future.

@gusfcarvalho gusfcarvalho self-assigned this Jan 12, 2023
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
@moolen moolen requested a review from a team as a code owner January 13, 2023 18:34
@moolen moolen requested review from gusfcarvalho and removed request for a team January 13, 2023 18:34
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (A)
  • Vulnerabilities: 0 (A)
  • Security Hotspots: 0 (A)
  • Code Smells: 0 (A)
  • Coverage: no information
  • Duplication: 0.0%

@moolen
Member Author

moolen commented Jan 19, 2023

gentle nudge @gusfcarvalho 🙏

@gusfcarvalho
Member

gusfcarvalho commented Jan 19, 2023

I've been running some tests, but I'm finding really strange results - most likely because we are already very careful regarding leases and revokes on hashivault.

I noticed, however, that I couldn't really change the cache behavior for hashivault when using the flag set. I'm not 100% sure that's working as intended :/

Maybe separate PRs? 😅

EDIT: nevermind, I wasn't setting up my vscode properly 😛

@gusfcarvalho
Member

/approve

@moolen moolen merged commit 5ef3b23 into main Jan 19, 2023
@moolen moolen deleted the mj-generic-cache branch January 19, 2023 16:25
sourav977 added a commit to cloudant/external-secrets that referenced this pull request Feb 14, 2023
…ts main branch (#8)

* Add DaangnPay to ADOPTERS.md (external-secrets#1668)

Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>

Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>

* 🐛 Implements new buildPath logic (external-secrets#1636)

Signed-off-by: Gustavo <gusfcarvalho@gmail.com>

* fix: allow controller to `delete` delete externalsecrets (external-secrets#1670)

When using ClusterExternalSecret the controller needs to delete
external-secret resources

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: attach sbom/provenance files to GH release, fix clomonitor (external-secrets#1656)

* feat: attach sbom/provenance files to GH release, fix clomonitor

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: remove codesee

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: bump 0.6.1 (external-secrets#1678)

* chore: bump 0.6.1

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: increase timeout for azure/e2e test

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Link to video was broken (external-secrets#1680)

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Feature: initial generator implementation + Github Actions OIDC/AWS (external-secrets#1539)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>

* 🧹 chore: bumping versions (external-secrets#1688)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* ✨gitlab: getAllSecrets (external-secrets#1681)

* gitlab: getAllSecrets

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* Update pkg/provider/gitlab/gitlab.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: added some test coverage

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>

* 🧹Update index.md (external-secrets#1689)

Signed-off-by: Idan Adar <iadar@il.ibm.com>

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* 🧹Bumping versions (external-secrets#1708)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 📚Update hashicorp-vault.md (external-secrets#1690)

* Update hashicorp-vault.md

Vault with an HA setup does not have the kv engine enabled by default; I have added a step to enable the kv engine with the correct version, and to enable the version if it is already added.

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

* Update hashicorp-vault.md

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

* Update hashicorp-vault.md

Add comment on SecretStore.yaml

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

Signed-off-by: Jeet <jeetdesai2342@gmail.com>

* feat: bump deps (external-secrets#1729)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update getting-started.md (external-secrets#1716)

Delete 1 whitespace

Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>

Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>

* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.141 to 1.44.142 (external-secrets#1730)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.141 to 1.44.142.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.44.141...v1.44.142)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>

* gitlab: support for CI/CD group variables (external-secrets#1692)

* gitlab: support for ci/cd group variables

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (automatically discover project groups)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (documentation)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* chore: bump dependencies (external-secrets#1741)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add manual build trigger (external-secrets#1742)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Proposal Draft for Secret Generators (external-secrets#1338)

* Proposal Draft for Secret Generators

Signed-off-by: Christian Hüning <christian.huening@finleap.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add release manifests (external-secrets#1728)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: fips compliant build using boringcrypto (external-secrets#1731)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* gitlab: support "environment_scope" tag for findAll (external-secrets#1732)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* Feature: Add secret metadata templating from secret values (external-secrets#1740)

* handle template data for secret labels & annotations

Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>

* gitlab: small documentation updates (external-secrets#1747)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* 🧹chore: bumps (external-secrets#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* ✨Feature/push secret (external-secrets#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>

* Fixing release pipeline for boringssl (external-secrets#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* chore: bump 0.7.0-rc1 (external-secrets#1765)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* chore: improve naming in examples, regenerate api doc spec (external-secrets#1746)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update getallsecrets.md (external-secrets#1774)

typo

Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>

Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>

* gitlab: allow fallback to wildcard variable, when no environment specific value is defined (external-secrets#1772)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* fix: SecretStore link (external-secrets#1773)

Signed-off-by: czomo <tomaszjdul@gmail.com>

Signed-off-by: czomo <tomaszjdul@gmail.com>

* fix sync calls metrics & defer patch status (external-secrets#1770)

* fix: increment sync_calls_total metric once per reconciliation

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: patch status only if not skipped

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: unit tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 📚 feat: improve docs (external-secrets#1749)

Signed-off-by: Djerfy <djerfy@gmail.com>

* chore(deps): bump fkirc/skip-duplicate-actions from 5.2.0 to 5.3.0 (external-secrets#1777)

Bumps [fkirc/skip-duplicate-actions](https://github.com/fkirc/skip-duplicate-actions) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/fkirc/skip-duplicate-actions/releases)
- [Commits](fkirc/skip-duplicate-actions@v5.2.0...v5.3.0)

---
updated-dependencies:
- dependency-name: fkirc/skip-duplicate-actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Allow chart to configure metrics-addr flag based on metric port values (external-secrets#1764)

* add cmd option to configure metrics port

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* 🧹chore: bumps (external-secrets#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* ✨Feature/push secret (external-secrets#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Fixing release pipeline for boringssl (external-secrets#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>

* fix: broken links in reference doc (external-secrets#1778)

Signed-off-by: Jiacheng Cheng <jiacheng.cheng@sap.com>

Signed-off-by: Jiacheng Cheng <jiacheng.cheng@sap.com>

* 🧹chore: bumps (external-secrets#1792)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Added KCD UK 2022 talk (external-secrets#1795)

I've added the talk we have delivered with Ben Gurney at Kubernetes Community Days UK 2022 conference.

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

* 🧹chore:bumps (external-secrets#1797)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🐛 fixing docs release (external-secrets#1799)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹chore:bump 0.7.0 (external-secrets#1800)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹chore(deps): bump actions/setup-python from 4.3.0 to 4.3.1 (external-secrets#1802)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🧹chore(deps): bump golang from 1.19.3-alpine to 1.19.4-alpine (external-secrets#1801)

Bumps golang from 1.19.3-alpine to 1.19.4-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🧹 chore: bumps (external-secrets#1807)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Add flag to set CRD names  in cert controller (external-secrets#1811)

* added new crd-names flag to reconcile only installed CRDs in cert controller

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* add guide to disable cluster features

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* fix fmt

Signed-off-by: Steven Bressey <sbressey@bressey.me>
Co-authored-by: Steven Bressey <sbressey@bressey.me>

* [FEATURE] Customizable encoding of logging timestamp (external-secrets#1808)

The objective of this commit is to allow logs to be more readable.

The default log timestamp encoding in the logger employed (zap) is Unix time.
This leads to logs that are not very human-readable. This change introduces the
possibility to customize the timestamp with a set of preconfigured encodings:
one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'.

The default value does not change.

Signed-off-by: RiccardoColella <colella.git@outlook.com>

Signed-off-by: RiccardoColella <colella.git@outlook.com>

* Add note on required Service Account roles. (external-secrets#1814)

I wasted a couple of hours figuring out that this documentation only works with the correct roles attached to the GCP Service account, as described here:
https://stackoverflow.com/a/63240340

Adding a hint to the docs here could make it more accessible for others.

Signed-off-by: Jakob Kolb <jakob.j.kolb@gmail.com>

Signed-off-by: Jakob Kolb <jakob.j.kolb@gmail.com>

* fix: add status checks permission (external-secrets#1813)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: replace bad URLs (external-secrets#1815)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Add license scan report and status (external-secrets#1818)

Signed-off-by: fossabot <badges@fossa.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Fix typo (external-secrets#1826)

Signed-off-by: dubs11kt <dubs11kt@gmail.com>

Signed-off-by: dubs11kt <dubs11kt@gmail.com>

* feat: add fossa check (external-secrets#1819)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: bumps (external-secrets#1852)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* ✨ Templates from string (external-secrets#1748)

* Adds templates from string

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* chore: bump golang-jwt (external-secrets#1858)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add ability to set automount to false (external-secrets#1859)

Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>

Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>

* 🐛 gitlab: Fallback to wildcard variables and use pagination (bugfix) (external-secrets#1838)

* gitlab: fallback to wildcard variables when using "GetAllSecrets"

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* 🐛 Use the right metrics annotations for the webhook service (external-secrets#1841)

* 🧹 chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.171 to 1.44.172 (external-secrets#1857)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.171 to 1.44.172.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.44.171...v1.44.172)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 🧹 bump 0.7.1 (external-secrets#1861)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Fixing links and adding stability support for 0.7.x (external-secrets#1863)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🐛 Fixes vault PushSecret logic (external-secrets#1866)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* ✨ Implements Deletion policy for Hashicorp vault. (external-secrets#1879)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* ✨ AWS Role Chaining (external-secrets#1855)

Signed-off-by: cspargo <colinspargo@gmail.com>

* fix: typo (external-secrets#1894)

Signed-off-by: cDR (Taco) <me@codar.nl>

Signed-off-by: cDR (Taco) <me@codar.nl>

* 🧹 chore: bumps (external-secrets#1896)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* feat: referent auth for gcp (external-secrets#1887)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update 1password-automation.md (external-secrets#1895)

updating docs to reflect the correct command and template format as per
https://developer.1password.com/docs/cli/create-item

Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>

Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>

* fix: explicitly use new kubectl gcp auth (external-secrets#1904)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🐛 GCP: prevent goroutine leak on workload identity reconciliation (external-secrets#1902)

Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>

* aws secretsmanager/parameterstore referent auth (external-secrets#1884)

* feat: implement referentAuth for aws

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: allow each credential to be referent

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>

* ✨ Adds Keyvault PushSecret (external-secrets#1883)

* Adds Keyvault PushSecret

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Added my new blog post (external-secrets#1909)

I've added my new blog post about Push Secret feature.

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

* ✨ implement azure referent auth (external-secrets#1886)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🧹 chore: bumps (external-secrets#1913)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 chore: bumps (external-secrets#1923)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 chore: bumps (external-secrets#1925)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 bump: 0.7.2 (external-secrets#1926)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Update README.md (external-secrets#1930)

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

* Set GOOS and GOARCH from TARGETPLATFORM (external-secrets#1915)

Removed hardcoded, single platform values for GOOS and GOARCH.
Set GOOS and GOARCH from TARGETPLATFORM to build multi-platform images.
Ref: https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
Ref: https://docs.docker.com/build/building/multi-platform/
Build a multi-platform image `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`

Signed-off-by: a27kash <a27kash@gmail.com>

Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* 🐛 fixing image rebuild pipeline (external-secrets#1934)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Update aws-parameter-store.md (external-secrets#1931)

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

* ✨ Feature/deletion policies (external-secrets#1914)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* feat: make cache generic, refactor feature flags (external-secrets#1640)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 📚 use more inclusive language (external-secrets#1927)

Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>

* ✨ Support template for webhook jsonpath (external-secrets#1939)

* Support template for webhook jsonpath

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Add jsonpath filter support to webhook (external-secrets#1940)

* Add jsonpath filter support to webhook

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix tests

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix wrong IAM permissions in docs for the AWS Parameter Store (external-secrets#1949)

Signed-off-by: Tobias Germer <tobias.germer@tui.com>

* 🐛 no need to use cgo (external-secrets#1935)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🐛 Fixing PushSecret CRD generation (external-secrets#1967)

* Fixing PushSecret CRD generation

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: increase hashicorp vault cache size to prevent eviction

Also remove tiny cache size from e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: bump packages (external-secrets#1976)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update full-cluster-secret-store.yaml (external-secrets#1953)

Add Oracle provider

Signed-off-by: Evert Ramos <evert.ramos@gmail.com>

* 🐛 remove ability to call env and expandenv in webhook (external-secrets#1977)

This allows an attacker to exfiltrate environment variables.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* ✨ enhance ServiceMonitor configuration (external-secrets#1973)

* Fix external-secrets#1971

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* PR feedback

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* fix: generate helm docs

---------

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* ✨ add ability to configure `revisionHistoryLimit` in helm chart (external-secrets#1979)

* feat: add ability to configure `revisionHistoryLimit` for all Deployment resources of the helm chart

This makes it possible to turn ReplicaSet revisions off completely, e.g. when deploying ExternalSecrets with a GitOps approach.

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>

* fix: generate helm docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* ✨ add-keeper-security-provider (external-secrets#1768)

* add keepersecurity provider

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* 🧹chore: bumps (external-secrets#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* ✨Feature/push secret (external-secrets#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Fixing release pipeline for boringssl (external-secrets#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* chore: bump 0.7.0-rc1 (external-secrets#1765)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret first iteration

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret and updated documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* refactor client

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* update code and unit tests

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix custom fields

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* making it reviewable

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix custom field on secret map

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update docs/snippets/keepersecurity-push-secret.yaml

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fixed edge case, improved validation errors and updated docs

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix logic retrieving secrets

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update pkg/provider/keepersecurity/client.go

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* lint code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* linting code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* go linter fixed

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix crds and documentation

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* 🐛 fix panic when using jwt without secretRef/saRef (external-secrets#1980)

Fixes external-secrets#1957

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🧹 bump dependencies & regenerate CRDs (external-secrets#1990)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Fixed broken link (external-secrets#1992)

* fix: fix validation method in kubernetes provider (external-secrets#2000)

RBAC allows a user to define a wildcard `*` for a given field in the
Resource Rule. Prefix/suffix matching or globbing is not supported,
just simple wildcards.
For example, the cluster-admin role has a `*` on all
apiVersion/resource/verbs and hence validation would fail.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>
Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Jeet <jeetdesai2342@gmail.com>
Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>
Signed-off-by: Christian Hüning <christian.huening@finleap.com>
Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>
Signed-off-by: czomo <tomaszjdul@gmail.com>
Signed-off-by: Djerfy <djerfy@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Jiacheng Cheng <jiacheng.cheng@sap.com>
Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
Signed-off-by: Steven Bressey <sbressey@bressey.me>
Signed-off-by: RiccardoColella <colella.git@outlook.com>
Signed-off-by: Jakob Kolb <jakob.j.kolb@gmail.com>
Signed-off-by: fossabot <badges@fossa.com>
Signed-off-by: dubs11kt <dubs11kt@gmail.com>
Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>
Signed-off-by: cspargo <colinspargo@gmail.com>
Signed-off-by: cDR (Taco) <me@codar.nl>
Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>
Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>
Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Denis Policastro <denis.policastro@gmail.com>
Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>
Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Signed-off-by: Tobias Germer <tobias.germer@tui.com>
Signed-off-by: Evert Ramos <evert.ramos@gmail.com>
Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Sebastián Gómez <1637983+sebagomez@users.noreply.github.com>
Co-authored-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: Jeet <jeetdesai2342@gmail.com>
Co-authored-by: Seonggwon Yoon <keyakoto@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Christian Hüning <christianhuening@users.noreply.github.com>
Co-authored-by: Steven Bressey <80676978+stevenbressey@users.noreply.github.com>
Co-authored-by: Pascal Bro <git@pascalbrokmeier.de>
Co-authored-by: Tomasz <35335044+czomo@users.noreply.github.com>
Co-authored-by: DJΞRFY <djerfy@gmail.com>
Co-authored-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: cjc7373 <niuchangcun@gmail.com>
Co-authored-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
Co-authored-by: Steven Bressey <sbressey@bressey.me>
Co-authored-by: Riccardo Colella <colella.git@outlook.com>
Co-authored-by: Jakob Kolb <jakob.j.kolb@gmail.com>
Co-authored-by: fossabot <badges@fossa.io>
Co-authored-by: oddy <56793934+dubs11kt@users.noreply.github.com>
Co-authored-by: Moritz Johner <100202497+moritzjohner-form3@users.noreply.github.com>
Co-authored-by: Florent Baldino <Baldinof@users.noreply.github.com>
Co-authored-by: cspargo <4132393+cspargo@users.noreply.github.com>
Co-authored-by: cDR (Taco) <me@codar.nl>
Co-authored-by: Ahsan Gondal <ahsangondal15@gmail.com>
Co-authored-by: Hiroshi Muraoka <hiroshi.muraoka@outlook.com>
Co-authored-by: Lucas Severo Alves <lucassalves65@gmail.com>
Co-authored-by: a27kash <a27kash@gmail.com>
Co-authored-by: Denis Policastro <denis.policastro@gmail.com>
Co-authored-by: Gareth Evans <garethjevans@users.noreply.github.com>
Co-authored-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Co-authored-by: Tobias Germer <bvrcreepyx@hotmail.de>
Co-authored-by: Evert Ramos <evert.ramos@gmail.com>
Co-authored-by: Mikhail Advani <mikhail.advani@gmail.com>
Co-authored-by: Marcel Hoyer <mhoyer@pixelplastic.de>
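The wildcard semantics described in the kubernetes-provider validation fix above (`*` matches a whole field, no prefix/suffix or glob matching, and the cluster-admin case) as an added example; this is not the project's own validation code. The rule shape and field names (`APIGroups`, `Resources`, `Verbs`) are assumed to mirror an RBAC resource rule, and all sample rules are constructed.

```go
package main

import "fmt"

// ResourceRule is an assumed, simplified shape of an RBAC resource rule:
// every field is a list and "*" is the only wildcard Kubernetes accepts.
type ResourceRule struct {
	APIGroups []string
	Resources []string
	Verbs     []string
}

// matchesField accepts want when it is listed literally or the field holds "*".
// There is deliberately no prefix, suffix or glob matching: a value such as
// "secret*" is a literal that matches nothing but itself.
func matchesField(field []string, want string) bool {
	for _, v := range field {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// RuleAllows reports whether one rule grants verb on apiGroup/resource.
// All three fields must match within the same rule.
func RuleAllows(r ResourceRule, apiGroup, resource, verb string) bool {
	return matchesField(r.APIGroups, apiGroup) &&
		matchesField(r.Resources, resource) &&
		matchesField(r.Verbs, verb)
}

// AnyRuleAllows grants access if any single rule covers the request; fields
// are never combined across different rules.
func AnyRuleAllows(rules []ResourceRule, apiGroup, resource, verb string) bool {
	for _, r := range rules {
		if RuleAllows(r, apiGroup, resource, verb) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the cluster-admin style rule with "*" everywhere.
	admin := []ResourceRule{{APIGroups: []string{"*"}, Resources: []string{"*"}, Verbs: []string{"*"}}}
	fmt.Println("cluster-admin may get secrets:", AnyRuleAllows(admin, "", "secrets", "get"))
}
```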
Successfully merging this pull request may close these issues.

AWS Session cache appears to be incompatible with secrets caching