infisical: fix error handling which previously failed silently (missing secrets, incorrect auth, etc.)#4304
Merged
Skarlso merged 15 commits intoexternal-secrets:mainfrom Jan 21, 2025
Conversation
Contributor
Author
|
I'm not too sure if there's more appropriate standards within external-secrets, e.g. error naming and testing, which I could improve here. So far I've just unit tested this. I'll give this a pass running against a real cluster to exercise the various failures and double check that things are working. |
6 tasks
Skarlso
reviewed
Jan 19, 2025
Signed-off-by: Joey Pereira <joey@pereira.io>
While adding test cases for RevokeAccessToken, I realized that the tests were simply exiting early because of the access token. Instead, let's be explicit and return an error. Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
…ror on GetSecretByKeyV3 Signed-off-by: Joey Pereira <joey@pereira.io>
Additionally, this correctly plumbs through more of the error response data and avoids leaking a 200 response on unmarshal errors Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
50c7250 to
a21f1b1
Compare
Contributor
Author
|
Alright, this is now clean up, tested, and ready for review. I do have two items I may grab following this. First, I realized Secondly, I may add in e2e tests for Infisical which can be fully self-hosted akin to the Vault tests. |
Signed-off-by: Joey Pereira <joey@pereira.io>
1b1b51e to
757661e
Compare
Contributor
|
@lgo There is one more Quality Gate issue for you to take care off please. :) |
akhilmhdh
reviewed
Jan 20, 2025
Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
8f0ea23 to
c967c1d
Compare
Contributor
Author
|
Thanks both - I've fixed the issues. |
akhilmhdh
approved these changes
Jan 20, 2025
Skarlso
reviewed
Jan 20, 2025
Signed-off-by: Joey Pereira <joey@pereira.io>
Signed-off-by: Joey Pereira <joey@pereira.io>
12f32bb to
09a85ad
Compare
Skarlso
approved these changes
Jan 21, 2025
Contributor
Skarlso
left a comment
There was a problem hiding this comment.
Very nice tests! Well done! :)
|
iwannaexplore
added a commit
to dodopizza/infra.k8s.external-secrets
that referenced
this pull request
May 7, 2025
* chore(deps): bump golang from 1.23.4-bookworm to 1.23.5-bookworm in /e2e (#4309) Bumps golang from 1.23.4-bookworm to 1.23.5-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material in /hack/api-docs (#4311) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.49 to 9.5.50. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.49...9.5.50) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `37cdac4` to `2e863fb` (#4312) Bumps ubi8/ubi from `37cdac4` to `2e863fb`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang from 1.23.4 to 1.23.5 (#4313) Bumps golang from 1.23.4 to 1.23.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * infisical: fix error handling which previously failed silently (missing secrets, incorrect auth, etc.) (#4304) * add error handling to Infisical provider Signed-off-by: Joey Pereira <joey@pereira.io> * add access token error handling While adding test cases for RevokeAccessToken, I realized that the tests were simply exiting early because of the access token. Instead, let's be explicit and return an error. Signed-off-by: Joey Pereira <joey@pereira.io> * add assertion for ImportedSecrets Signed-off-by: Joey Pereira <joey@pereira.io> * rewrite tests to use httptest Signed-off-by: Joey Pereira <joey@pereira.io> * refactor API calls to simplify common code Signed-off-by: Joey Pereira <joey@pereira.io> * better handle responses that cannot unmarshal; only return NoSecretError on GetSecretByKeyV3 Signed-off-by: Joey Pereira <joey@pereira.io> * cleanup tests Additionally, this correctly plumbs through more of the error response data and avoids leaking a 200 response on unmarshal errors Signed-off-by: Joey Pereira <joey@pereira.io> * fix provider.go test (given swap away from improper infisical API impl) Signed-off-by: Joey Pereira <joey@pereira.io> * improve details format Signed-off-by: Joey Pereira <joey@pereira.io> * bin/golangci-lint fixes Signed-off-by: Joey Pereira <joey@pereira.io> * address feedback Signed-off-by: Joey Pereira <joey@pereira.io> * address quality issue Signed-off-by: Joey Pereira <joey@pereira.io> * address comments Signed-off-by: Joey Pereira <joey@pereira.io> * replace reflect call with simpler zero-value check Signed-off-by: Joey Pereira <joey@pereira.io> --------- Signed-off-by: Joey Pereira <joey@pereira.io> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: rename render to esoctl in release action (#4319) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.13.0 helm (#4322) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: documentation and naming for render tool (#4324) * fix: security issues with esoctl release action (#4325) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * sonar: ignore duplication warnings in test files (#4320) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: sonar ignore duplication warning in test files only (#4329) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: sonar configs (#4334) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * feat: column storeType (#4337) Co-authored-by: Frans6 jefferson.frds@gmail.com Signed-off-by: brenob6 <brenob6@gmail.com> * fix: retry failed reconciles much less aggressively (#4339) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * chore(deps): bump pymdown-extensions in /hack/api-docs (#4341) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.14 to 10.14.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.14...10.14.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump importlib-metadata in /hack/api-docs (#4342) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.5.0 to 8.6.1. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v8.5.0...v8.6.1) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump helm/chart-releaser-action from 1.6.0 to 1.7.0 (#4343) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/a917fd15b20e8b64b94d9158ad54cd6345335584...cae68fefc6b5f367a0275617c9f83181ba54714f) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#4344) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/stale from 9.0.0 to 9.1.0 (#4345) Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/28ca1036281a5e5922ead5184a1bbf96e5fc984e...5bef64f19d7facfb25b37b414482c7164d639639) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fossas/fossa-action from 1.4.0 to 1.5.0 (#4346) Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](https://github.com/fossas/fossa-action/compare/09bcf127dc0ccb4b5a023f6f906728878e8610ba...93a52ecf7c3ac7eb40f5de77fd69b1a19524de94) --- updated-dependencies: - dependency-name: fossas/fossa-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (#4347) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.9 to 0.18.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/df80a981bc6edbc4e220a492d3cbe9f5547a6e75...f325610c9f50a54015d37c8d16cb3b0e2c8f4de0) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang from `47d3375` to `47d3375` (#4348) Bumps golang from `47d3375` to `47d3375`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: update dependencies (#4350) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * adjust the parameter for the new beyond trust Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * removed the usage of the REST client and prefer the fake client Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: Adding a glossary and a prerequirement (#4299) Signed-off-by: Ana Carolina Costa César <anaipva@gmail.com> Signed-off-by: Lucas Queiroz <lucas.fn4@gmail.com> Signed-off-by: Caio Santos <caiobs10@gmail.com> Signed-off-by: Juan-Ricarte <juanricarte77@gmail.com> Signed-off-by: Kauan Eiras <kauante@hotmail.com> Signed-off-by: Miguel de Frias <miguelfrias8@gmail.com> Signed-off-by: Luiz Pettengill <luizpettengill@hotmail.com> Signed-off-by: Suzane Duarte <ssuzane9@hotmail.com> Signed-off-by: Gabriel Ribeiro <gabrielribeirof19@gmail.com> Signed-off-by: Breno Queiroz Lima <brenob6@gmail.com> Signed-off-by: Luana Torres <sluana.torres@gmail.com> Signed-off-by: Jefferson França <jefferson.frds@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: security issues with esoctl release action take 2 (#4326) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Align the refresh interval with others and avoid unnecessary server requests. (#4353) Signed-off-by: Cedric Alfonsi <cedric@passbolt.com> * feat: add API version parameter to BeyondTrust Provider (#4354) * feat: introduce state for generator and new grafana SA generator (#4203) * feat: introduce state for generator and new grafana SA generator Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update pkg/controllers/generatorstate/generatorstate_controller.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: do not log here Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: implement generator state conditions Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: address comments Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * doc: link to the CNCF code of conduct (#4364) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `2e863fb` to `881aaf5` (#4365) Bumps ubi8/ubi from `2e863fb` to `881aaf5`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 (#4366) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/7668571508540a607bdfd90a87a560489fe372eb...520d128f165991a6c774bcb264f323e3d70747f4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 (#4367) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/e6669bcd63d7cb57cb4380c33043eebe5d111992...0d28d3144d3a25ea2cc349d6e59901c4ff469b3b) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 (#4369) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.1.2 to 5.3.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/1e68e06f1dbfde0e4cefc87efeba9e4643565303...13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.1 to 3.28.8 (#4370) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump babel from 2.16.0 to 2.17.0 in /hack/api-docs (#4371) Bumps [babel](https://github.com/python-babel/babel) from 2.16.0 to 2.17.0. - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](https://github.com/python-babel/babel/compare/v2.16.0...v2.17.0) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump certifi from 2024.12.14 to 2025.1.31 in /hack/api-docs (#4372) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31. - [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pymdown-extensions in /hack/api-docs (#4373) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.14.1 to 10.14.3. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.14.1...10.14.3) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.5.50 to 9.6.1 in /hack/api-docs (#4374) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.50 to 9.6.1. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.50...9.6.1) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/setup-python from 5.3.0 to 5.4.0 (#4368) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0b93645e9fea7318ecaed2b359559ac225c90a2b...42375524e23c412d93fb67b49958b491fce71c38) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: gitlab group variable regression (#4379) Signed-off-by: Damien Degois <damien@degois.info> * Implement SecretExists in AWS ParameterStore (#4377) * Implement SecretExists in AWS ParameterStore Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> * Add missing prefix Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> --------- Signed-off-by: Ami Rahav <amirahav@users.noreply.github.com> Co-authored-by: Amiram Rahav <arahav@blacksky.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: the esoctl tooling website was not working (#4383) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.14.0 helm (#4385) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: fix typo in templating examples (#4387) Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * Added additional validation for a usecase where a namespace is provided for SecretStore CAprovider (#4359) * feat: added additional validation for a use case where a namespace is specified for SecretStore caProvider Signed-off-by: Alexander Chernov <alexander@chernov.it> * chore: improved error message to highlight an issue when namespace is filtered out when trying to get a namespaced secret from secretstore. Signed-off-by: Alexander Chernov <alexander@chernov.it> * chore: fixed failing tests Signed-off-by: Alexander Chernov <alexander@chernov.it> --------- Signed-off-by: Alexander Chernov <alexander@chernov.it> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Update doc references from to . (#4388) Signed-off-by: Micaiah Martin <github@sourcecodemt.com> * feat: Merging metrics and service monitor services (#4356) Signed-off-by: Rémy Jacquin <remy@remyj.fr> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: allow accessing original Vault response from VaultDynamicSecret (#4358) Signed-off-by: Michal Baumgartner <michal.baumgartner@ataccama.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Fix typo that prevents the Password ClusterGenerator from working (#4389) Signed-off-by: Emiliano Deustua <edeustua@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: release v0.14.1 helm (#4401) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: skip injecting service and cert if conversion is disabled (#4362) * feat: add crd compliance tests (#4390) * feat: add crd compliance tests Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add github action and cover each crd with a test Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: add PushSecret ability to the webhook provider (#4360) * docs: fix typo in the AWS Secrets manager provider docs (#4403) Signed-off-by: Robert Marsal <507871+robertmarsal@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat(chart): add support for revisionHistoryLimit on the cert (#4292) * feat(chart): add support for revisionHistoryLimit on the cert Certificates support setting revisionHistoryLimit on a per cert basis to prevent the sprawl of certificateRequests. This functions similarly to revisionHistoryLimit on Deployments Signed-off-by: Hans Knecht <hans@anomalo.com> * chore: make helm.test.update Signed-off-by: Hans Knecht <hans@anomalo.com> --------- Signed-off-by: Hans Knecht <hans@anomalo.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: add push secret refreshInterval defaulting (#4404) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Improved error message for unsupported secret store kind (#4398) Signed-off-by: Peter Swica <peter.swica@gusto.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump golang from 1.23.5-bookworm to 1.23.6-bookworm in /e2e (#4414) * chore(deps): bump golang from 1.23.5-bookworm to 1.23.6-bookworm in /e2e Bumps golang from 1.23.5-bookworm to 1.23.6-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: missing readme and value schema update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: defining the test suite in tests folder it is already in the test folder Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump golang from 1.23.5 to 1.23.6 (#4407) Bumps golang from 1.23.5 to 1.23.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.1 to 9.6.3 in /hack/api-docs (#4408) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.1 to 9.6.3. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.1...9.6.3) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 (#4409) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#4410) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/53851d14592bedcffcf25ea515637cff71ef929a...4574d27a4764455b42196d70a065bc6853246a25) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#4411) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 3.8.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...c56c2d3e59e4281cc41dea2217323ba5694b171e) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#4412) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.1 (#4413) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.2.0 to 6.3.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/ec5d18412c0aeab7936cb16880d708ba2a64e1ae...2e788936b09dd82dc280e845628a40d2ba6b204c) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add more flexibility to webhook service (#4402) * Add more flexibility to webhook service Signed-off-by: Hans Adema <git@xvh.nl> Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> * Add tests for webhook service annotations+metrics Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> --------- Signed-off-by: Hans Adema <git@xvh.nl> Signed-off-by: Klaas Sangers <git@crumbs.mozmail.com> Co-authored-by: Klaas Sangers <git@crumbs.mozmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Added section explaining how to create shared secret without cluster wide access (#4418) Signed-off-by: renepupil <117264860+renepupil@users.noreply.github.com> * doc: enhance best practices for cluster-wide resources reconciliation (#4423) Signed-off-by: Kilian Kluge <dev@kluge.ai> * fix: ignore NoSecretErr in generator state (#4422) * chore: update go version to 1.23.6 (#4420) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update helm charts to v0.14.2 (#4425) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: add a link to the cncf calendar for the community meeting (#4431) * doc: revise and enhance Google Secret Manager authentication (#4430) * doc: revise and enhance Google Secret Manager authentication Signed-off-by: Kilian Kluge <dev@kluge.ai> * fix(doc): add link to WIF issue on GitHub Signed-off-by: Kilian Kluge <dev@kluge.ai> --------- Signed-off-by: Kilian Kluge <dev@kluge.ai> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 (#4434) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.1.0 to 6.2.1. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/9ed2f89a662bf1735a48bc8557fd212fa902bebf...90a3faa9d0182683851fbfa97ca1a2cb983bfca3) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from 3.21.2 to 3.21.3 in /e2e (#4435) Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.3 to 9.6.4 in /hack/api-docs (#4437) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.3 to 9.6.4. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.3...9.6.4) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from `56fa17d` to `a8560b3` (#4438) Bumps alpine from `56fa17d` to `a8560b3`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump alpine from `56fa17d` to `a8560b3` in /hack/api-docs (#4442) Bumps alpine from `56fa17d` to `a8560b3`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * docs: add examples of Governance document being applied for members joining (#4450) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: propagate commit error to caller so it becomes user visible (#4451) ...also ignore empty state in state manager Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 (#4433) * chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.3.1 to 6.5.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/2e788936b09dd82dc280e845628a40d2ba6b204c...2226d7cb06a077cd73e56eedd38eecad18e5d837) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update linter settings file Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update dependencies (#4443) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * update the test after IBM update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix: add coversion hook to steps to disable webhook (#4453) * Fix: add coversion hook to steps to disable webhook Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> * Fix typo Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> --------- Signed-off-by: Matías Arranz García <74046491+matt-matt-tmatt@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: update helm chart tests (#4454) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: Update Helm Readme For Log Params (#4457) Signed-off-by: Peter Swica <peter.swica@gusto.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: github provider (#4459) Signed-off-by: Gustavo <gustavo@externalsecrets.com> * update: update Kubernetes tags for vault provider and change path default (#4452) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.4 to 9.6.5 in /hack/api-docs (#4466) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.4 to 9.6.5. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.4...9.6.5) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: github secrets not creating new secrets (#4472) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: panic on parameterstore.go (#4471) * fix: panic on parameterstore.go Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> * fixed lint error Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (#4462) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.0 to 3.8.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/c56c2d3e59e4281cc41dea2217323ba5694b171e...d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#4463) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...0c907a75c2c80ebcb7f088228285e798b750cf8f) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#4464) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 (#4465) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.9 to 3.28.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update dependencies (#4468) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * chore: update helm test for github (#4475) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: 1password find by tags (#4476) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: do not return pointer to session from cache (#4478) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore: update helm charts to v0.14.3 (#4482) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: stability-support.md (#4480) Fixes #4417 Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix invalid quote (#4483) Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * Improve documentation for webhook auth secrets (#4485) Add correct labels to secrets used for authentication in Webhook Providers Signed-off-by: Koenraad <koenraad@zimmo.be> * fix: removed unused vars from apis/generators/v1alpha1/register.go (#4477) * [feature] added Prometheus Status metric for the PushSecret objects (#4489) * [feature] added Prometheus Status metric for the PushSecret objects Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> * [feature] updated documentation Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> * Update docs/api/metrics.md Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Nikolai Shmatenkov <nshmatenkov@allegion.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.5 to 9.6.7 in /hack/api-docs (#4497) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.5 to 9.6.7. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.5...9.6.7) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#4495) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 (#4492) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.0 to 2.2.2. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/520d128f165991a6c774bcb264f323e3d70747f4...bd77c077858b8d561b7a36cbe48ef4cc642ca39d) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 (#4491) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.3.1 to 5.4.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3...0565863a31f2c772f9f0395002a31e3f06189574) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#4493) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c907a75c2c80ebcb7f088228285e798b750cf8f...d4323d4df104b026a6aa633fdb11d772146be0bf) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#4494) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `881aaf5` to `ecbeb81` (#4496) Bumps ubi8/ubi from `881aaf5` to `ecbeb81`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: disable managed cache for cluster scope if rbac is restricted (#4502) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: allow using UUID as vault and item name (#4490) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update dependencies (#4498) * update dependencies Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> * fix: update beyondtrust error message expectations Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com> * docs: update aws identity doc adding EKS pod identity flow (#4432) * docs: update aws identity doc adding EKS pod identity flow Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * updated according to comments Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: Allow to specify tags when pushing to Azure Key Vault (#4507) * Set tags in azure key vault Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * Introduce a helper method to reduce cognitive complexity Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> --------- Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * feat: enable pushing the entire secret with aws secrets manager (#4504) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: remove fmt.Println from code and test code (#4509) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: improve webhook provider PushSecret handling (#4508) * fix: improve webhook provider PushSecret handling Refactor Webhook provider so that the body can be specified as a template. This allows a secret to be sent to a web provider without requiring the web provider to accept the secret in whatever form the secret itself is in; the secret could be provided in a well-formed, provider-specific JSON blob. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * maintain backward compatibility Keep backward compatibility by sending the secret in the body when the webhook provider's body field is empty. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * docs: clarify Webhook PushSecret capability Clarify that the webhook provider makes the secret available on the remoteRef object so that it can be used in templates. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * docs: clarify Webhook empty body capability Clarify how to send an empty body with the Webhook provider pushing a secret. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> --------- Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix webhook provider docs (#4514) Wrap a code block in a raw template so that the template in the block will render as expected. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * Updates to AAD and date update (#4512) * AAD to Microsoft Entra ID for consistency Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> * 2024 to 2025 Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> --------- Signed-off-by: sneakernuts <671942+sneakernuts@users.noreply.github.com> * allow references expansion when searching secret by key infinsical (#4486) * allow references expansion when searching secret by key Signed-off-by: Christophe Jauffret <reg-github@geo6.net> * add updated helm test for the crd Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Christophe Jauffret <reg-github@geo6.net> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * use subtests in webprovider unit tests (#4511) * use subtests in webhook provider unit tests Use subtests in webhook provider unit tests to make it easier to identify failing tests as well as run them in isolation. Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> * remove unnecessary newline to satisfy golangci-lint rules Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> --------- Signed-off-by: Billie Cleek <billie.cleek@lambdal.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: make vault auth an optional entry (#4516) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#4521) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.10 to 3.28.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...6bb031afdd8eb862ea3fc1848194185e076637e5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump jinja2 from 3.1.5 to 3.1.6 in /hack/api-docs (#4523) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 (#4522) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/bd77c077858b8d561b7a36cbe48ef4cc642ca39d...c074443f1aee8d4aeeae555aebba3282517141b2) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update dependencies (#4528) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: update the go version 1.24 (#4525) * feat: update the go version 1.24 Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * update linter Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore: update helm charts to v0.14.4 (#4531) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix certificate revisionHistoryLimit schema (#4534) * fix invalid quote Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * fix schema Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * change implementation so that default value will work Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * ran make test.crds.update Signed-off-by: Aran Shavit <Aranshavit@gmail.com> --------- Signed-off-by: Aran Shavit <Aranshavit@gmail.com> * Improve Grafana generator integration with in-cluster Grafana (#4519) * Improve Grafana generator integration with in-cluster Grafana Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * Switch to URL parsing Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * rm unnecessary type conversion Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> * `omitEmpty` -> `omitempty` Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> --------- Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> * feat: introduce codeql scan for code sections (#4198) * chore(deps): bump the go_modules group across 2 directories with 1 update Bumps the go_modules group with 1 update in the / directory: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt). Bumps the go_modules group with 1 update in the /e2e directory: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt). Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1) Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v4 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/golang-jwt/jwt/v4 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump tornado Bumps the pip group with 1 update in the /hack/api-docs directory: [tornado](https://github.com/tornadoweb/tornado). Updates `tornado` from 6.4.1 to 6.4.2 - [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.4.2) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com> * Create codeql.yml Signed-off-by: Seth J Landry <waymakerijn@outlook.com> * streamline the codeql action Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Seth J Landry <waymakerijn@outlook.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: add metadata setting to encode secrets as decoded values (#4535) * feat: add metadata setting to encode secrets as decoded values Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Update docs/provider/aws-parameter-store.md Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> * Update full-pushsecret.yaml (#4547) Signed-off-by: Eitan1112 <52412573+Eitan1112@users.noreply.github.com> * chore(deps): bump mkdocs-material from 9.6.7 to 9.6.8 in /hack/api-docs (#4555) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.7 to 9.6.8. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.7...9.6.8) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 (#4550) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.29.0 to 0.30.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/18f2510ee396bbf400402947b394f2dd8c87dbb0...6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 (#4551) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 (#4552) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.5.0 to 6.5.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/2226d7cb06a077cd73e56eedd38eecad18e5d837...4696ba8babb6127d732c3c6dde519db15edab9ea) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: skip none-existing keys (#4517) * fix: skip none-existing keys Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * remove empty key from the secret map Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump ubi8/ubi from `ecbeb81` to `5993454` (#4553) Bumps ubi8/ubi from `ecbeb81` to `5993454`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: define top level permissions and fix token scope (#4543) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * Fix Grafana generator not passing desired SA role to creation request (#4533) Signed-off-by: solidDoWant <fred.heinecke@yahoo.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * chore(deps): bump distroless/static from `3f2b64e` to `95ea148` (#4554) Bumps distroless/static from `3f2b64e` to `95ea148`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: non standard templating delimiters (#4558) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * update dependencies (#4556) Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> * feat: add cloud.ru secret manager support (#3716) * feat: add Cloud.ru provider Add a new SecretManager provider, which integrates with cloud.ru API and allows to interact with stored secrets. Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> * feat: add cloudru documentation Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> --------- Signed-off-by: Dmitry Ivanov <dvivanov@cloud.ru> * fix: check if secret is being deleted during fetch (#4562) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * feat: cluster push secret with pushing all secrets from a namespace (#4162) * feat: cluster push secret with pushing all secrets from a namespace Signed-off-by: Gergely Brautigam <182850+Skarlso@use…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
(cc @akhilmhdh)
Problem Statement
Previously, all of the HTTP requests in the Infisical provider did not handle HTTP errors. This resulted in plenty of mysterious problems where the provider seemed to be working, but would do things like return empty secrets due to empty values.
Related Issue
Fixes #4059
Proposed Changes
To address the problem, I made a number of changes:
api.gomethods to be simpler, and push most of the complexity into a commondo(...)for making API requestsapi.goI did some manual e2e testing with my Infisical instance:
SecretStorehad error:failed to authenticate via universal auth API error (404): error="No identity with specified client ID was found" message="NotFoundSecretStorehad error:cannot read secrets with provided project scope project:homelab-p-zl-t environment:prod secret-path:/ recursive:true, API error (403): error="You are not allowed to access th │ is resource" message="Identity is not a member of the specified project with ID '46b1cf70-bd3c-4677-8b04-1cfcb803edcf'"SecretStorehad error:cannot read secrets with provided project scope project:homelab-p-zl-t environment:prod secret-path:/ recursive:true, API error (403): error="You are not allowed to read on s │ ecrets" message="PermissionDenied", details=[]ExternalSecrethad error:(key: SECRET2), err: API error (403): error="You are not allowed to read on secrets" message="PermissionDenied", details=[{"action":["read"],"conditions":{"secretName":{"$eq":"SECRET1"}},"inverted":false,"subject":["secrets"]}]detailsare actuall a list of the policies for the API key's role (not the request). It may be helpful to use a different name on the error logs (e.g.role_policies) to clarify that, but honestly I don't see where Infisical has documentation about this. It's not included in their golang SDK.ExternalSecretsyncedChecklist
git commit --signoffmake testmake reviewable