Skip to content

feat: add ngrok provider#5160

Merged
Skarlso merged 25 commits intoexternal-secrets:mainfrom
jonstacks:ngrok-secrets
Sep 28, 2025
Merged

feat: add ngrok provider#5160
Skarlso merged 25 commits intoexternal-secrets:mainfrom
jonstacks:ngrok-secrets

Conversation

@jonstacks
Copy link
Copy Markdown
Contributor

@jonstacks jonstacks commented Aug 18, 2025
edited
Loading

Problem Statement

Add a ngrok provider for pushing k8s secrets to ngrok secrets to be used with traffic policy.

Related Issue

N/A

Proposed Changes

  • Adds a new ngrok provider with tests and documentation.

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

@jonstacks jonstacks requested a review from a team as a code owner August 18, 2025 16:10
@jonstacks jonstacks requested a review from knelasevero August 18, 2025 16:10
@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Aug 18, 2025

Hello! :)

Please update stability-support.md and also you have to link the provider documentation under hack/api-docs/mkdocs.yaml file so it shows up on the website.

@gusfcarvalho
Copy link
Copy Markdown
Member

gusfcarvalho commented Aug 18, 2025

Hello! :)

Please update stability-support.md and also you have to link the provider documentation under hack/api-docs/mkdocs.yaml file so it shows up on the website.

Also worth it - if you are not willing to maintain it @jonstacks , we need to find someone (maybe ngrok itself) that is willing to. As this would be a community maintained provider - until changed by our governance model - we need to have someone responsible for addressing new feature requests and non-critical bug-fixes.

@jonstacks
Copy link
Copy Markdown
Contributor Author

jonstacks commented Aug 18, 2025

Hello :)

Thank you both for the good call outs. I'll get those files updated.

I work at ngrok and am willing to maintain the provider for now. I'll figure out if one of our teams can own maintaining it longer term too.

gusfcarvalho
gusfcarvalho reviewed Aug 19, 2025
View reviewed changes
gusfcarvalho
gusfcarvalho reviewed Aug 19, 2025
View reviewed changes
gusfcarvalho
gusfcarvalho reviewed Aug 19, 2025
View reviewed changes
gusfcarvalho
gusfcarvalho reviewed Aug 19, 2025
View reviewed changes
@jonstacks jonstacks mentioned this pull request Aug 19, 2025
Merged
5 tasks
jakobmoellerdev
jakobmoellerdev reviewed Aug 20, 2025
View reviewed changes
@Skarlso Skarlso mentioned this pull request Aug 20, 2025
Closed
@jonstacks
Copy link
Copy Markdown
Contributor Author

jonstacks commented Aug 26, 2025

I think I've addressed all of the comments and this should be good to go for another round of reviews.

@Skarlso Skarlso changed the title feat: Add ngrok provider feat: add ngrok provider Aug 27, 2025
@Skarlso Skarlso moved this to In Review in External Secrets Aug 27, 2025
@github-actions github-actions bot added kind/documentation Categorizes issue or PR as related to documentation. kind/dependency dependabot and upgrades size/l kind/feature Categorizes issue or PR as related to a new feature. labels Aug 27, 2025
@Skarlso Skarlso added kind/documentation Categorizes issue or PR as related to documentation. kind/dependency dependabot and upgrades and removed kind/documentation Categorizes issue or PR as related to documentation. kind/dependency dependabot and upgrades labels Aug 27, 2025
@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Aug 27, 2025

At first, I thought the doc and dep are invalid labels. But actually, this is modifying go mod and the docs folder. :) So I allow it. :D

Skarlso
Skarlso reviewed Aug 27, 2025
View reviewed changes
@jonstacks
chore: Upgrade ngrok-api-go version
59df20d 
This newer version supports getting secrets scoped to a particular vault

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
refactor(ngrok): Cache the vault ID
a649f3c 
Cache the vault ID to reduce the number of API calls needed to be made when pushing secrets.
Also, change the tests to ginkgo as it makes some of the more complex
scenairos easier to test.

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
feat(ngrok): Add codeowners entry for ngrok provider
eff2432 
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
fix(ngrok): Update license for check
e17c0e8 
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
fix(ngrok): Address code review feedback
6eab85c 
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
jakobmoellerdev
jakobmoellerdev reviewed Sep 24, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for me this is LGTM when you remove the 2 defensive guard checks

@jonstacks
refactor(ngrok): Remove defensive guard checks
2f826f6 
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
Copy link
Copy Markdown
Contributor Author

jonstacks commented Sep 24, 2025

@jakobmoellerdev thanks for the re-review. I've removed those guard checks. Let me know if there is anything else needed

jakobmoellerdev
jakobmoellerdev previously approved these changes Sep 24, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL @Skarlso

Skarlso
Skarlso reviewed Sep 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@Skarlso Skarlso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a couple of questions, please take a peek. :)

@jonstacks
Merge remote-tracking branch 'upstream/main' into ngrok-secrets
746392c
@jonstacks
fix(ngrok): Address code review feedback pt.2
a9eefb0 
Address more code review comments:
* Add a context with timeout for list calls
* Remove redundant set for vault ID
* Add //+optional code marker

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
Copy link
Copy Markdown
Contributor Author

jonstacks commented Sep 26, 2025

Thank you @Skarlso, I think I've correctly addressed them. Let me know if there is anything else that needs to be changed.

@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Sep 27, 2025

Thanks!

@jonstacks
fix(ngrok): re-generate docs to fix diff
568d645 
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
@jonstacks
Copy link
Copy Markdown
Contributor Author

jonstacks commented Sep 27, 2025

@Skarlso,

I forgot to re-gen the docs after the // +optional change 🤦‍♂️ . It should be good to go now.

Skarlso and others added 2 commits September 28, 2025 18:07
@Skarlso
Merge branch 'main' into ngrok-secrets
cce0288
@Skarlso
run make test.crds.update
3e48099 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Sep 28, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Skarlso Skarlso merged commit a7e4dfa into external-secrets:main Sep 28, 2025
31 checks passed
@github-project-automation github-project-automation bot moved this from In Review to Done in External Secrets Sep 28, 2025
@Skarlso
Copy link
Copy Markdown
Contributor

Skarlso commented Sep 28, 2025

Thank you very much and thanks for baring with the process! 🙇

SamuelMolling pushed a commit to SamuelMolling/external-secrets that referenced this pull request Oct 24, 2025
@jonstacks @gusfcarvalho
@jakobmoellerdev @Skarlso @SamuelMolling
feat: add ngrok provider (external-secrets#5160)
94d81bc 
* feat: Add ngrok provider

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* chore: Update stability support

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* Update pkg/provider/ngrok/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* feat(ngrok): Move to a more flexible auth

As suggested during code review, our API only supports key based authentication, but let's leave it flexible in case that changes in the future

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Remove unneeded ctx.Done()

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Only marshall the whole secret if the secret key is not provided

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Reduce error nesting

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Make vault configuration more easily changed later

I'm not sure if we'll need to support finding vaults by things like identifiers in the future or not

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Parse push secret metadata correctly

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* tests(ngrok): Add more tests

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* Update pkg/provider/ngrok/client.go

Co-authored-by: Jakob Möller <contact@jakob-moeller.com>
Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Consider secrets deleted if they no longer exist

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Reduce error nesting again

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* chore: Upgrade ngrok-api-go version

This newer version supports getting secrets scoped to a particular vault

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Cache the vault ID

Cache the vault ID to reduce the number of API calls needed to be made when pushing secrets.
Also, change the tests to ginkgo as it makes some of the more complex
scenairos easier to test.

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* feat(ngrok): Add codeowners entry for ngrok provider

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Update license for check

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Address code review feedback

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* refactor(ngrok): Remove defensive guard checks

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): Address code review feedback pt.2

Address more code review comments:
* Add a context with timeout for list calls
* Remove redundant set for vault ID
* Add //+optional code marker

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* fix(ngrok): re-generate docs to fix diff

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>

* run make test.crds.update

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Jonathan Stacks <jonstacks@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
Co-authored-by: Jakob Möller <contact@jakob-moeller.com>
Co-authored-by: Gergely Brautigam <skarlso777@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Samuel Molling <samuelmolling@gmail.com>
@Skarlso Skarlso mentioned this pull request Dec 4, 2025
Closed
@rbstp rbstp mentioned this pull request Dec 10, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Skarlso Skarlso Skarlso approved these changes

@jakobmoellerdev jakobmoellerdev jakobmoellerdev left review comments

@knelasevero knelasevero Awaiting requested review from knelasevero knelasevero was automatically assigned from external-secrets/maintainers

@gusfcarvalho gusfcarvalho Awaiting requested review from gusfcarvalho

Assignees

No one assigned

Labels

kind/dependency dependabot and upgrades kind/documentation Categorizes issue or PR as related to documentation. kind/feature Categorizes issue or PR as related to a new feature. size/l

Projects

External Secrets
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jonstacks @Skarlso @gusfcarvalho @jakobmoellerdev