feat: cluster push secret with pushing all secrets from a namespace by Skarlso · Pull Request #4162 · external-secrets/external-secrets

Skarlso · 2024-11-30T18:25:20Z

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #3183

Proposed Changes

How do you like to solve the issue and why?

Checklist

I have read the contribution guidelines
All commits are signed with git commit --signoff
My changes have reasonable test coverage
All tests pass with make test
I ensured my PR is ready for review with make reviewable

Skarlso · 2024-12-01T14:25:27Z

This is weird. Local branch is clean.

15:24:29 [ OK ] Finished linting
15:24:30 [ .. ] checking that branch is clean
15:24:30 [ OK ] branch is clean

gusfcarvalho · 2024-12-18T08:45:39Z

apis/externalsecrets/v1alpha1/pushsecret_types.go

+	// Choose namespaces by name
+	// +optional
+	// +kubebuilder:validation:items:MinLength:=1
+	// +kubebuilder:validation:items:MaxLength:=63
+	// +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+	Namespaces []string `json:"namespaces,omitempty"`


While we do have this field for ClusterExternalSecret, I think it makes no sense to add it for ClusterPushSecret as this can be achieved with a namespace selector matching a label app.kubernetes.io/namespace-name: my-namespace

gusfcarvalho · 2024-12-18T09:10:29Z

PROJECT

  kind: ExternalSecret
  version: v1beta1
+- group: external-secrets
+  kind: ClusterPushSecretStore


Suggested change

kind: ClusterPushSecretStore

kind: ClusterPushSecret

Skarlso · 2024-12-18T19:47:06Z

@gusfcarvalho If I recall you also wanted the Namespaces to be removed from the ClusterExternalSecrets?

gusfcarvalho · 2024-12-19T00:59:11Z

Yes! Let’s take advantage of the minor bump already and push this deprecation :)

Skarlso · 2024-12-19T05:52:03Z

Cool! I'll do that. :)

Skarlso · 2024-12-20T08:37:14Z

I'm adding a test.

Skarlso · 2024-12-20T15:13:20Z

Almost there. Just getting a weird error now.

Status:
  Failed Namespaces:
    Namespace:       my-namespace
    Reason:          push secret already exists in namespace
  Push Secret Name:  example-cluster-push-secret

Immediately after it successfully created the secret. Probably something to do with owner ref.

Skarlso · 2024-12-20T19:32:56Z

Found the bug 🎉

Status:                                                                                                                             │
│   Provisioned Namespaces:                                                                                                           │
│     my-namespace                                                                                                                    │
│   Push Secret Name:  example-cluster-push-secret

Skarlso · 2024-12-20T22:19:42Z

/ok-to-test sha=339fc75b387437e3218b1fd765eda3977a51f8a4

eso-service-account-app · 2024-12-20T22:49:18Z

[Bot] - ✅ e2e for 339fc75b387437e3218b1fd765eda3977a51f8a4 passed

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Skarlso · 2025-02-03T08:49:27Z

/ok-to-test sha=ddd439c19dc8297f7f9bb71b5604cae89166cbda

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

eso-service-account-app · 2025-02-03T09:23:01Z

[Bot] - ✅ e2e for ddd439c19dc8297f7f9bb71b5604cae89166cbda passed

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

moolen

I can only bother you with naming considerations :D, see comment below. Otherwise LGTM 🚀

moolen · 2025-03-18T21:34:09Z

apis/externalsecrets/v1alpha1/pushsecret_types.go

+	// SecretSelector chooses secrets using a labelSelector.
+	// +optional
+	SecretSelector *metav1.LabelSelector `json:"secretSelector,omitempty"`


Maybe name this selector in favour of secretSelector. The secret bit is already implied 🤔

or alternatively we can consider embedding matchLabels and matchExpressions here as ps.spec.selector.secret.matchLabels and ps.spec.selector.secret.matchExpressions respectively.

I'm leaning towards the latter. WDYT?

Makes sense indeed!

Having both embedded makes this check a bit convoluted:

case ps.Spec.Selector.Secret != nil && ps.Spec.Selector.Secret.Selector != nil: labelSelector, err := metav1.LabelSelectorAsSelector(ps.Spec.Selector.Secret.Selector) if err != nil { return nil, err } var secretList v1.SecretList err = r.List(ctx, &secretList, &client.ListOptions{LabelSelector: labelSelector}) if err != nil { return nil, err } return secretList.Items, err }

Because now you need to see if one or the other is defined instead of checking if label selector is defined.

But I agree to the rename. :)

…dy by the context Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

sonarqubecloud · 2025-03-19T11:03:46Z

Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

* main: chore: update helm charts to v0.15.0 (external-secrets#4566) feat: cluster push secret with pushing all secrets from a namespace (external-secrets#4162) fix: check if secret is being deleted during fetch (external-secrets#4562) feat: add cloud.ru secret manager support (external-secrets#3716) update dependencies (external-secrets#4556) feat: non standard templating delimiters (external-secrets#4558) chore(deps): bump distroless/static from `3f2b64e` to `95ea148` (external-secrets#4554) Fix Grafana generator not passing desired SA role to creation request (external-secrets#4533) fix: define top level permissions and fix token scope (external-secrets#4543) chore(deps): bump ubi8/ubi from `ecbeb81` to `5993454` (external-secrets#4553) fix: skip none-existing keys (external-secrets#4517) chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (external-secrets#4552) chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 (external-secrets#4551) chore(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 (external-secrets#4550) chore(deps): bump mkdocs-material from 9.6.7 to 9.6.8 in /hack/api-docs (external-secrets#4555) Update full-pushsecret.yaml (external-secrets#4547) feat: add metadata setting to encode secrets as decoded values (external-secrets#4535) feat: introduce codeql scan for code sections (external-secrets#4198) Improve Grafana generator integration with in-cluster Grafana (external-secrets#4519)

* chore(deps): bump golang from 1.23.4-bookworm to 1.23.5-bookworm in /e2e (#4309) Bumps golang from 1.23.4-bookworm to 1.23.5-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material in /hack/api-docs (#4311) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.49 to 9.5.50. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.49...9.5.50) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `37cdac4` to `2e863fb` (#4312) Bumps ubi8/ubi from `37cdac4` to `2e863fb`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang from 1.23.4 to 1.23.5 (#4313) Bumps golang from 1.23.4 to 1.23.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * infisical: fix error handling which previously failed silently (missing secrets, incorrect auth, etc.) (#4304) * add error handling to Infisical provider Signed-off-by: Joey Pereira <joey@pereira.io> * add access token error handling While adding test cases for RevokeAccessToken, I realized that the tests were simply exiting early because of the access token. Instead, let's be explicit and return an error. Signed-off-by: Joey Pereira <joey@pereira.io> * add assertion for ImportedSecrets Signed-off-by: Joey Pereira <joey@pereira.io> * rewrite tests to use httptest Signed-off-by: Joey Pereira <joey@pereira.io> * refactor API calls to simplify common code Signed-off-by: Joey Pereira <joey@pereira.io> * better handle responses that cannot unmarshal; only return NoSecretError on GetSecretByKeyV3 Signed-off-by: Joey Pereira <joey@pereira.io> * cleanup tests Additionally, this correctly plumbs through more of the error response data and avoids leaking a 200 response on unmarshal errors Signed-off-by: Joey Pereira <joey@pereira.io> * fix provider.go test (given swap away from improper infisical API impl) Signed-off-by: Joey Pereira <joey@pereira.io> * improve details format Signed-off-by: Joey Pereira <joey@pereira.io> * bin/golangci-lint fixes Signed-off-by: Joey Pereira <joey@pereira.io> * address feedback Signed-off-by: Joey Pereira <joey@pereira.io> * address quality issue Signed-off-by: Joey Pereira <joey@pereira.io> * address comments Signed-off-by: Joey Pereira <joey@pereira.io> * replace reflect call with simpler zero-value check Signed-off-by: Joey Pereira <joey@pereira.io> --------- Signed-off-by: Joey Pereira <joey@pereira.io> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: rename render to esoctl in release action (#4319) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.13.0 helm (#4322) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: documentation and naming for render tool (#4324) * fix: security issues with esoctl release action (#4325) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * sonar: ignore duplication warnings in test files (#4320) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: sonar ignore duplication warning in test files only (#4329) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: sonar configs (#4334) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * feat: column storeType (#4337) Co-authored-by: Frans6 jefferson.frds@gmail.com Signed-off-by: brenob6 <brenob6@gmail.com> * fix: retry failed reconciles much less aggressively (#4339) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * chore(deps): bump pymdown-extensions in /hack/api-docs (#4341) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.14 to 10.14.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.14...10.14.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump importlib-metadata in /hack/api-docs (#4342) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.5.0 to 8.6.1. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v8.5.0...v8.6.1) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump helm/chart-releaser-action from 1.6.0 to 1.7.0 (#4343) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/a917fd15b20e8b64b94d9158ad54cd6345335584...cae68fefc6b5f367a0275617c9f83181ba54714f) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#4344) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/stale from 9.0.0 to 9.1.0 (#4345) Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/28ca1036281a5e5922ead5184a1bbf96e5fc984e...5bef64f19d7facfb25b37b414482c7164d639639) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fossas/fossa-action from 1.4.0 to 1.5.0 (#4346) Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](https://github.com/fossas/fossa-action/compare/09bcf127dc0ccb4b5a023f6f906728878e8610ba...93a52ecf7c3ac7eb40f5de77fd69b1a19524de94) --- updated-dependencies: - dependency-name: fossas/fossa-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#4347) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.9 to 0.18.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/df80a981bc6edbc4e220a492d3cbe9f5547a6e75...f325610c9f50a54015d37c8d16cb3b0e2c8f4de0) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang from `47d3375` to `47d3375` (#4348) Bumps golang from `47d3375` to `47d3375`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: update dependencies (#4350) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * adjust the parameter for the new beyond trust Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * removed the usage of the REST client and prefer the fake client Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: Adding a glossary and a prerequirement (#4299) Signed-off-by: Ana Carolina Costa César <anaipva@gmail.com> Signed-off-by: Lucas Queiroz <lucas.fn4@gmail.com> Signed-off-by: Caio Santos <caiobs10@gmail.com> Signed-off-by: Juan-Ricarte <juanricarte77@gmail.com> Signed-off-by: Kauan Eiras <kauante@hotmail.com> Signed-off-by: Miguel de Frias <miguelfrias8@gmail.com> Signed-off-by: Luiz Pettengill <luizpettengill@hotmail.com> Signed-off-by: Suzane Duarte <ssuzane9@hotmail.com> Signed-off-by: Gabriel Ribeiro <gabrielribeirof19@gmail.com> Signed-off-by: Breno Queiroz Lima <brenob6@gmail.com> Signed-off-by: Luana Torres <sluana.torres@gmail.com> Signed-off-by: Jefferson França <jefferson.frds@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: security issues with esoctl release action take 2 (#4326) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Align the refresh interval with others and avoid unnecessary server requests. (#4353) Signed-off-by: Cedric Alfonsi <cedric@passbolt.com> * feat: add API version parameter to BeyondTrust Provider (#4354) * feat: introduce state for generator and new grafana SA generator (#4203) * feat: introduce state for generator and new grafana SA generator Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update pkg/controllers/generatorstate/generatorstate_controller.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: do not log here Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: implement generator state conditions Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: address comments Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * doc: link to the CNCF code of conduct (#4364) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `2e863fb` to `881aaf5` (#4365) Bumps ubi8/ubi from `2e863fb` to `881aaf5`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 (#4366) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/7668571508540a607bdfd90a87a560489fe372eb...520d128f165991a6c774bcb264f323e3d70747f4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 (#4367) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/e6669bcd63d7cb57cb4380c33043eebe5d111992...0d28d3144d3a25ea2cc349d6e59901c4ff469b3b) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 (#4369) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.1.2 to 5.3.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/1e68e06f1dbfde0e4cefc87efeba9e4643565303...13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.1 to 3.28.8 (#4370) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump babel from 2.16.0 to 2.17.0 in /hack/api-docs (#4371) Bumps [babel](https://github.com/python-babel/babel) from 2.16.0 to 2.17.0. - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](https://github.com/python-babel/babel/compare/v2.16.0...v2.17.0) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump certifi from 2024.12.14 to 2025.1.31 in /hack/api-docs (#4372) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31. - [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pymdown-extensions in /hack/api-docs (#4373) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.14.1 to 10.14.3. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.14.1...10.14.3) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.5.50 to 9.6.1 in /hack/api-docs (#4374) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.50 to 9.6.1. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.50...9.6.1) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/setup-python from 5.3.0 to 5.4.0 (#4368) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0b93645e9fea7318ecaed2b359559ac225c90a2b...42375524e23c412d93fb67b49958b491fce71c38) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: gitlab group variable regression (#4379) Signed-off-by: Damien Degois <damien@degois.info> * Implement SecretExists in AWS ParameterStore (#4377) * Implement SecretExists in AWS ParameterStore Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> * Add missing prefix Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> --------- Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> Co-authored-by: Amiram Rahav <arahav@blacksky.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: the esoctl tooling website was not working (#4383) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.14.0 helm (#4385) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: fix typo in templating examples (#4387) Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * Added additional validation for a usecase where a namespace is provided for SecretStore CAprovider (#4359) * feat: added additional validation for a use case where a namespace is specified for SecretStore caProvider Signed-off-by: Alexander Chernov <alexander@chernov.it> * chore: improved error message to highlight an issue when namespace is filtered out when trying to get a namespaced secret from secretstore. Signed-off-by: Alexander Chernov <alexander@chernov.it> * chore: fixed failing tests Signed-off-by: Alexander Chernov <alexander@chernov.it> --------- Signed-off-by: Alexander Chernov <alexander@chernov.it> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Update doc references from to . (#4388) Signed-off-by: Micaiah Martin <github@sourcecodemt.com> * feat: Merging metrics and service monitor services (#4356) Signed-off-by: Rémy Jacquin <remy@remyj.fr> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: allow accessing original Vault response from VaultDynamicSecret (#4358) Signed-off-by: Michal Baumgartner <michal.baumgartner@ataccama.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Fix typo that prevents the Password ClusterGenerator from working (#4389) Signed-off-by: Emiliano Deustua <edeustua@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.14.1 helm (#4401) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: skip injecting service and cert if conversion is disabled (#4362) * feat: add crd compliance tests (#4390) * feat: add crd compliance tests Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add github action and cover each crd with a test Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: add PushSecret ability to the webhook provider (#4360) * docs: fix typo in the AWS Secrets manager provider docs (#4403) Signed-off-by: Robert Marsal <507871+robertmarsal@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat(chart): add support for revisionHistoryLimit on the cert (#4292) * feat(chart): add support for revisionHistoryLimit on the cert Certificates support setting revisionHistoryLimit on a per cert basis to prevent the sprawl of certificateRequests. This functions similarly to revisionHistoryLimit on Deployments Signed-off-by: Hans Knecht <hans@anomalo.com> * chore: make helm.test.update Signed-off-by: Hans Knecht <hans@anomalo.com> --------- Signed-off-by: Hans Knecht <hans@anomalo.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: add push secret refreshInterval defaulting (#4404) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Improved error message for unsupported secret store kind (#4398) Signed-off-by: Peter Swica <peter.swica@gusto.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump golang from 1.23.5-bookworm to 1.23.6-bookworm in /e2e (#4414) * chore(deps): bump golang from 1.23.5-bookworm to 1.23.6-bookworm in /e2e Bumps golang from 1.23.5-bookworm to 1.23.6-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: missing readme and value schema update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: defining the test suite in tests folder it is already in the test folder Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump golang from 1.23.5 to 1.23.6 (#4407) Bumps golang from 1.23.5 to 1.23.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.1 to 9.6.3 in /hack/api-docs (#4408) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.1 to 9.6.3. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.1...9.6.3) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 (#4409) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#4410) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/53851d14592bedcffcf25ea515637cff71ef929a...4574d27a4764455b42196d70a065bc6853246a25) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#4411) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 3.8.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...c56c2d3e59e4281cc41dea2217323ba5694b171e) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#4412) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.1 (#4413) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.2.0 to 6.3.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/ec5d18412c0aeab7936cb16880d708ba2a64e1ae...2e788936b09dd82dc280e845628a40d2ba6b204c) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add more flexibility to webhook service (#4402) * Add more flexibility to webhook service Signed-off-by: Hans Adema <git@xvh.nl> Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> * Add tests for webhook service annotations+metrics Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> --------- Signed-off-by: Hans Adema <git@xvh.nl> Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> Co-authored-by: Klaas Sangers <git@crumbs.mozmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Added section explaining how to create shared secret without cluster wide access (#4418) Signed-off-by: renepupil <117264860+renepupil@users.noreply.github.com> * doc: enhance best practices for cluster-wide resources reconciliation (#4423) Signed-off-by: Kilian Kluge <dev@kluge.ai> * fix: ignore NoSecretErr in generator state (#4422) * chore: update go version to 1.23.6 (#4420) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update helm charts to v0.14.2 (#4425) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: add a link to the cncf calendar for the community meeting (#4431) * doc: revise and enhance Google Secret Manager authentication (#4430) * doc: revise and enhance Google Secret Manager authentication Signed-off-by: Kilian Kluge <dev@kluge.ai> * fix(doc): add link to WIF issue on GitHub Signed-off-by: Kilian Kluge <dev@kluge.ai> --------- Signed-off-by: Kilian Kluge <dev@kluge.ai> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 (#4434) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.1.0 to 6.2.1. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/9ed2f89a662bf1735a48bc8557fd212fa902bebf...90a3faa9d0182683851fbfa97ca1a2cb983bfca3) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from 3.21.2 to 3.21.3 in /e2e (#4435) Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.3 to 9.6.4 in /hack/api-docs (#4437) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.3 to 9.6.4. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.3...9.6.4) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from `56fa17d` to `a8560b3` (#4438) Bumps alpine from `56fa17d` to `a8560b3`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from `56fa17d` to `a8560b3` in /hack/api-docs (#4442) Bumps alpine from `56fa17d` to `a8560b3`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: add examples of Governance document being applied for members joining (#4450) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: propagate commit error to caller so it becomes user visible (#4451) ...also ignore empty state in state manager Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 (#4433) * chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.3.1 to 6.5.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/2e788936b09dd82dc280e845628a40d2ba6b204c...2226d7cb06a077cd73e56eedd38eecad18e5d837) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update linter settings file Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update dependencies (#4443) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * update the test after IBM update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix: add coversion hook to steps to disable webhook (#4453) * Fix: add coversion hook to steps to disable webhook Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> * Fix typo Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> --------- Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: update helm chart tests (#4454) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Update Helm Readme For Log Params (#4457) Signed-off-by: Peter Swica <peter.swica@gusto.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: github provider (#4459) Signed-off-by: Gustavo <gustavo@externalsecrets.com> * update: update Kubernetes tags for vault provider and change path default (#4452) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.4 to 9.6.5 in /hack/api-docs (#4466) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.4 to 9.6.5. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.4...9.6.5) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: github secrets not creating new secrets (#4472) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: panic on parameterstore.go (#4471) * fix: panic on parameterstore.go Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> * fixed lint error Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#4462) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.0 to 3.8.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/c56c2d3e59e4281cc41dea2217323ba5694b171e...d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#4463) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...0c907a75c2c80ebcb7f088228285e798b750cf8f) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#4464) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 (#4465) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.9 to 3.28.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update dependencies (#4468) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * chore: update helm test for github (#4475) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: 1password find by tags (#4476) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: do not return pointer to session from cache (#4478) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore: update helm charts to v0.14.3 (#4482) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: stability-support.md (#4480) Fixes #4417 Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix invalid quote (#4483) Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * Improve documentation for webhook auth secrets (#4485) Add correct labels to secrets used for authentication in Webhook Providers Signed-off-by: Koenraad <koenraad@zimmo.be> * fix: removed unused vars from apis/generators/v1alpha1/register.go (#4477) * [feature] added Prometheus Status metric for the PushSecret objects (#4489) * [feature] added Prometheus Status metric for the PushSecret objects Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> * [feature] updated documentation Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> * Update docs/api/metrics.md Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.5 to 9.6.7 in /hack/api-docs (#4497) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.5 to 9.6.7. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.5...9.6.7) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#4495) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 (#4492) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.0 to 2.2.2. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/520d128f165991a6c774bcb264f323e3d70747f4...bd77c077858b8d561b7a36cbe48ef4cc642ca39d) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 (#4491) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.3.1 to 5.4.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3...0565863a31f2c772f9f0395002a31e3f06189574) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#4493) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c907a75c2c80ebcb7f088228285e798b750cf8f...d4323d4df104b026a6aa633fdb11d772146be0bf) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#4494) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `881aaf5` to `ecbeb81` (#4496) Bumps ubi8/ubi from `881aaf5` to `ecbeb81`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: disable managed cache for cluster scope if rbac is restricted (#4502) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: allow using UUID as vault and item name (#4490) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update dependencies (#4498) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * fix: update beyondtrust error message expectations Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com> * docs: update aws identity doc adding EKS pod identity flow (#4432) * docs: update aws identity doc adding EKS pod identity flow Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * updated according to comments Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: Allow to specify tags when pushing to Azure Key Vault (#4507) * Set tags in azure key vault Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * Introduce a helper method to reduce cognitive complexity Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> --------- Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * feat: enable pushing the entire secret with aws secrets manager (#4504) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: remove fmt.Println from code and test code (#4509) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: improve webhook provider PushSecret handling (#4508) * fix: improve webhook provider PushSecret handling Refactor Webhook provider so that the body can be specified as a template. This allows a secret to be sent to a web provider without requiring the web provider to accept the secret in whatever form the secret itself is in; the secret could be provided in a well-formed, provider-specific JSON blob. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * maintain backward compatibility Keep backward compatibility by sending the secret in the body when the webhook provider's body field is empty. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * docs: clarify Webhook PushSecret capability Clarify that the webhook provider makes the secret available on the remoteRef object so that it can be used in templates. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * docs: clarify Webhook empty body capability Clarify how to send an empty body with the Webhook provider pushing a secret. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> --------- Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix webhook provider docs (#4514) Wrap a code block in a raw template so that the template in the block will render as expected. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * Updates to AAD and date update (#4512) * AAD to Microsoft Entra ID for consistency Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> * 2024 to 2025 Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> --------- Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> * allow references expansion when searching secret by key infinsical (#4486) * allow references expansion when searching secret by key Signed-off-by: Christophe Jauffret <reg-github@geo6.net> * add updated helm test for the crd Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Christophe Jauffret <reg-github@geo6.net> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * use subtests in webprovider unit tests (#4511) * use subtests in webhook provider unit tests Use subtests in webhook provider unit tests to make it easier to identify failing tests as well as run them in isolation. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * remove unnecessary newline to satisfy golangci-lint rules Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> --------- Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: make vault auth an optional entry (#4516) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#4521) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.10 to 3.28.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...6bb031afdd8eb862ea3fc1848194185e076637e5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump jinja2 from 3.1.5 to 3.1.6 in /hack/api-docs (#4523) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 (#4522) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/bd77c077858b8d561b7a36cbe48ef4cc642ca39d...c074443f1aee8d4aeeae555aebba3282517141b2) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update dependencies (#4528) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: update the go version 1.24 (#4525) * feat: update the go version 1.24 Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * update linter Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update helm charts to v0.14.4 (#4531) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix certificate revisionHistoryLimit schema (#4534) * fix invalid quote Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * fix schema Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * change implementation so that default value will work Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * ran make test.crds.update Signed-off-by: Aran Shavit <Aranshavit@gmail.com> --------- Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * Improve Grafana generator integration with in-cluster Grafana (#4519) * Improve Grafana generator integration with in-cluster Grafana Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * Switch to URL parsing Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * rm unnecessary type conversion Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * `omitEmpty` -> `omitempty` Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> --------- Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> * feat: introduce codeql scan for code sections (#4198) * chore(deps): bump the go_modules group across 2 directories with 1 update Bumps the go_modules group with 1 update in the / directory: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt). Bumps the go_modules group with 1 update in the /e2e directory: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt). Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1) Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v4 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/golang-jwt/jwt/v4 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump tornado Bumps the pip group with 1 update in the /hack/api-docs directory: [tornado](https://github.com/tornadoweb/tornado). Updates `tornado` from 6.4.1 to 6.4.2 - [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.4.2) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com> * Create codeql.yml Signed-off-by: Seth J Landry <waymakerijn@outlook.com> * streamline the codeql action Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Seth J Landry <waymakerijn@outlook.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: add metadata setting to encode secrets as decoded values (#4535) * feat: add metadata setting to encode secrets as decoded values Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Update docs/provider/aws-parameter-store.md Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> * Update full-pushsecret.yaml (#4547) Signed-off-by: Eitan1112 <52412573+Eitan1112@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.7 to 9.6.8 in /hack/api-docs (#4555) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.7 to 9.6.8. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.7...9.6.8) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 (#4550) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.29.0 to 0.30.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/18f2510ee396bbf400402947b394f2dd8c87dbb0...6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 (#4551) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#4552) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.5.0 to 6.5.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/2226d7cb06a077cd73e56eedd38eecad18e5d837...4696ba8babb6127d732c3c6dde519db15edab9ea) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: skip none-existing keys (#4517) * fix: skip none-existing keys Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * remove empty key from the secret map Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `ecbeb81` to `5993454` (#4553) Bumps ubi8/ubi from `ecbeb81` to `5993454`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: define top level permissions and fix token scope (#4543) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix Grafana generator not passing desired SA role to creation request (#4533) Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump distroless/static from `3f2b64e` to `95ea148` (#4554) Bumps distroless/static from `3f2b64e` to `95ea148`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: non standard templating delimiters (#4558) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * update dependencies (#4556) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> * feat: add cloud.ru secret manager support (#3716) * feat: add Cloud.ru provider Add a new SecretManager provider, which integrates with cloud.ru API and allows to interact with stored secrets. Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> * feat: add cloudru documentation Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> --------- Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> * fix: check if secret is being deleted during fetch (#4562) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: cluster push secret with pushing all secrets from a namespace (#4162) * feat: cluster push secret with pushing all secrets from a namespace Signed-off-by: Gergely Brautigam <182850+Skarlso@use…

Skarlso marked this pull request as ready for review December 1, 2024 20:22

Skarlso requested a review from a team as a code owner December 1, 2024 20:22

Skarlso requested a review from rogertuma December 1, 2024 20:22

gusfcarvalho reviewed Dec 18, 2024

View reviewed changes

Skarlso requested a review from moolen December 21, 2024 20:35

Skarlso added this to the 0.12.0 milestone Dec 23, 2024

Skarlso modified the milestones: 0.12.0, 0.13.0 Dec 31, 2024

Skarlso requested review from gusfcarvalho and removed request for rogertuma January 18, 2025 09:49

Skarlso modified the milestones: 0.13.0, 0.14.0 Jan 21, 2025

Skarlso added 8 commits February 3, 2025 09:45

feat: cluster push secret with pushing all secrets from a namespace

1c602f1

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

update the unit test and add RBAC for the new type and registration

ef0a141

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

updating with check-diff

61a587d

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

adding metrics and crd values and the reconciler

7f7ab45

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

remove namespace list selector and deprecate it in clusterexternalsecret

d88032f

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

refactor for sonar

23b5816

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

added unit tests, updated rbac and configured metrics

0d20137

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

made the test work and refactored a bit

8041119

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

run helm.test.update

08c9543

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Skarlso added 3 commits February 5, 2025 21:05

Merge branch 'main' into implement-push-secret-selector

9d03772

Merge branch 'main' into implement-push-secret-selector

bf62ca3

Merge branch 'main' into implement-push-secret-selector

e19a5b0

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

moolen reviewed Mar 18, 2025

View reviewed changes

rename the secretSelector to selector since the name is implied alrea…

e884c45

…dy by the context Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

moolen previously approved these changes Mar 19, 2025

View reviewed changes

Skarlso added 2 commits March 19, 2025 10:34

Merge branch 'main' into implement-push-secret-selector

84b2d92

update the documentation to add cluster push secret to the apis

7378ea9

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Skarlso dismissed moolen’s stale review via 7378ea9 March 19, 2025 10:01

Skarlso requested a review from moolen March 19, 2025 10:02

added helm values for disabling cluster push secret

f19a779

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

moolen approved these changes Mar 19, 2025

View reviewed changes

Merge branch 'main' into implement-push-secret-selector

c3377d0

Skarlso merged commit e07ba80 into external-secrets:main Mar 19, 2025
7 of 9 checks passed

github-project-automation bot moved this from In Progress to Done in External Secrets Mar 19, 2025

murphm54 mentioned this pull request Apr 8, 2025

Can ClusterPushSecret be used to push multiple secrets? #4627

Closed

pippitt mentioned this pull request Apr 28, 2025

PushSecret remoteRef remoteKey parameterized/templatized #4720

Open

Uh oh!

Conversation

Skarlso commented Nov 30, 2024

Problem Statement

Related Issue

Proposed Changes

Checklist

Uh oh!

Skarlso commented Dec 1, 2024

Uh oh!

gusfcarvalho Dec 18, 2024

Choose a reason for hiding this comment

Uh oh!

Skarlso Dec 18, 2024

Choose a reason for hiding this comment

Uh oh!

gusfcarvalho Dec 18, 2024

Choose a reason for hiding this comment

Uh oh!

Skarlso commented Dec 18, 2024

Uh oh!

gusfcarvalho commented Dec 19, 2024

Uh oh!

Skarlso commented Dec 19, 2024

Uh oh!

Skarlso commented Dec 20, 2024

Uh oh!

Skarlso commented Dec 20, 2024

Uh oh!

Skarlso commented Dec 20, 2024

Uh oh!

Skarlso commented Dec 20, 2024

Uh oh!

eso-service-account-app bot commented Dec 20, 2024

Uh oh!

Skarlso commented Feb 3, 2025

Uh oh!

eso-service-account-app bot commented Feb 3, 2025

Uh oh!

moolen left a comment

Choose a reason for hiding this comment

Uh oh!

moolen Mar 18, 2025

Choose a reason for hiding this comment

Uh oh!

Skarlso Mar 19, 2025

Choose a reason for hiding this comment

Uh oh!

Skarlso Mar 19, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

sonarqubecloud bot commented Mar 19, 2025

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants