diff --git a/common/.github/workflows/superlinter.yml b/common/.github/workflows/superlinter.yml index 55acbdb0..03b6fff9 100644 --- a/common/.github/workflows/superlinter.yml +++ b/common/.github/workflows/superlinter.yml @@ -21,7 +21,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: github/super-linter/slim@v6 + uses: super-linter/super-linter/slim@v7 env: VALIDATE_ALL_CODEBASE: true DEFAULT_BRANCH: main @@ -31,10 +31,13 @@ jobs: VALIDATE_BASH: false VALIDATE_CHECKOV: false VALIDATE_JSCPD: false + VALIDATE_JSON_PRETTIER: false + VALIDATE_MARKDOWN_PRETTIER: false VALIDATE_KUBERNETES_KUBECONFORM: false VALIDATE_PYTHON_PYLINT: false VALIDATE_SHELL_SHFMT: false VALIDATE_YAML: false + VALIDATE_YAML_PRETTIER: false # VALIDATE_DOCKERFILE_HADOLINT: false # VALIDATE_MARKDOWN: false # VALIDATE_NATURAL_LANGUAGE: false diff --git a/common/Changes.md b/common/Changes.md index ed7d4bf6..8ade8ad6 100644 --- a/common/Changes.md +++ b/common/Changes.md @@ -124,7 +124,7 @@ ## October 3, 2022 * Restore the ability to install a non-default site: `make TARGET_SITE=mysite install` -* Revised tests (new output and filenames, requires adding new result files to git) +* Revised tests (new output and filenames, requires adding new result files to Git) * ACM 2.6 required for ACM-based managed sites * Introduced global.clusterDomain template variable (without the `apps.` prefix) * Removed the ability to send specific charts to another cluster, use hosted argo sites instead diff --git a/common/Makefile b/common/Makefile index e0f0c11b..785e5307 100644 --- a/common/Makefile +++ b/common/Makefile @@ -238,15 +238,18 @@ super-linter: ## Runs super linter locally -e VALIDATE_CHECKOV=false \ -e VALIDATE_DOCKERFILE_HADOLINT=false \ -e VALIDATE_JSCPD=false \ + -e VALIDATE_JSON_PRETTIER=false \ + -e VALIDATE_MARKDOWN_PRETTIER=false \ -e VALIDATE_KUBERNETES_KUBECONFORM=false \ -e VALIDATE_PYTHON_PYLINT=false \ -e VALIDATE_SHELL_SHFMT=false \ -e VALIDATE_TEKTON=false \ -e VALIDATE_YAML=false \ + -e VALIDATE_YAML_PRETTIER=false \ $(DISABLE_LINTERS) \ -v $(PWD):/tmp/lint:rw,z \ -w /tmp/lint \ - ghcr.io/super-linter/super-linter:slim-v6 + ghcr.io/super-linter/super-linter:slim-v7 .PHONY: ansible-lint ansible-lint: ## run ansible lint on ansible/ folder diff --git a/common/acm/Chart.yaml b/common/acm/Chart.yaml index 31fa54ea..3a7663b4 100644 --- a/common/acm/Chart.yaml +++ b/common/acm/Chart.yaml @@ -3,4 +3,4 @@ description: A Helm chart to configure Advanced Cluster Manager for OpenShift. keywords: - pattern name: acm -version: 0.1.0 +version: 0.1.1 diff --git a/common/acm/templates/policies/ocp-gitops-policy.yaml b/common/acm/templates/policies/ocp-gitops-policy.yaml index cdc0a7e1..753e4447 100644 --- a/common/acm/templates/policies/ocp-gitops-policy.yaml +++ b/common/acm/templates/policies/ocp-gitops-policy.yaml @@ -35,10 +35,10 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: {{ default "gitops-1.12" .Values.main.gitops.channel }} + channel: {{ default "gitops-1.13" .Values.main.gitops.channel }} installPlanApproval: Automatic name: openshift-gitops-operator - source: redhat-operators + source: {{ default "redhat-operators" .Values.main.gitops.operatorSource }} sourceNamespace: openshift-marketplace config: env: diff --git a/common/acm/values.yaml b/common/acm/values.yaml index ec3b5746..ff5777da 100644 --- a/common/acm/values.yaml +++ b/common/acm/values.yaml @@ -1,6 +1,6 @@ main: gitops: - channel: "gitops-1.12" + channel: "gitops-1.13" global: extraValueFiles: [] diff --git a/common/ansible/plugins/filter/parse_acm_secrets.py b/common/ansible/plugins/filter/parse_acm_secrets.py index 0445d96d..1c5148e3 100644 --- a/common/ansible/plugins/filter/parse_acm_secrets.py +++ b/common/ansible/plugins/filter/parse_acm_secrets.py @@ -79,5 +79,6 @@ def parse_acm_secrets(secrets): class FilterModule: + def filters(self): return {"parse_acm_secrets": parse_acm_secrets} diff --git a/common/ansible/plugins/module_utils/load_secrets_v1.py b/common/ansible/plugins/module_utils/load_secrets_v1.py index 6478ac26..8b89d85a 100644 --- a/common/ansible/plugins/module_utils/load_secrets_v1.py +++ b/common/ansible/plugins/module_utils/load_secrets_v1.py @@ -26,6 +26,7 @@ class LoadSecretsV1: + def __init__( self, module, diff --git a/common/ansible/plugins/module_utils/load_secrets_v2.py b/common/ansible/plugins/module_utils/load_secrets_v2.py index 05a5917e..46cdcffa 100644 --- a/common/ansible/plugins/module_utils/load_secrets_v2.py +++ b/common/ansible/plugins/module_utils/load_secrets_v2.py @@ -40,6 +40,7 @@ class LoadSecretsV2: + def __init__(self, module, syaml, namespace, pod): self.module = module self.namespace = namespace diff --git a/common/ansible/plugins/module_utils/parse_secrets_v2.py b/common/ansible/plugins/module_utils/parse_secrets_v2.py index 512f75ef..f88579b6 100644 --- a/common/ansible/plugins/module_utils/parse_secrets_v2.py +++ b/common/ansible/plugins/module_utils/parse_secrets_v2.py @@ -42,6 +42,7 @@ class ParseSecretsV2: + def __init__(self, module, syaml, secrets_backing_store): self.module = module self.syaml = syaml diff --git a/common/ansible/plugins/modules/vault_load_parsed_secrets.py b/common/ansible/plugins/modules/vault_load_parsed_secrets.py index 0a6aa146..f5acdc86 100644 --- a/common/ansible/plugins/modules/vault_load_parsed_secrets.py +++ b/common/ansible/plugins/modules/vault_load_parsed_secrets.py @@ -82,6 +82,7 @@ class VaultSecretLoader: + def __init__( self, module, diff --git a/common/ansible/roles/iib_ci/README.md b/common/ansible/roles/iib_ci/README.md index 8c654dbb..de4b4107 100644 --- a/common/ansible/roles/iib_ci/README.md +++ b/common/ansible/roles/iib_ci/README.md @@ -1,6 +1,6 @@ # IIB Utilities -A set of ansible plays to fetch an IIB (Image Index Bundle, aka a container created by the operator sdk +A set of ansible plays to fetch an IIB (Image Index Bundle, aka a container created by the operator SDK that contains a bunch of references to operators that can be installed in an OpenShift cluster) Run `ansible-playbook common/ansible/playbooks/iib-ci/lookup.yml` to see which IIBs are available (defaults to diff --git a/common/ansible/roles/vault_utils/README.md b/common/ansible/roles/vault_utils/README.md index 7198752c..ba26c702 100644 --- a/common/ansible/roles/vault_utils/README.md +++ b/common/ansible/roles/vault_utils/README.md @@ -40,6 +40,17 @@ unseal_namespace: "imperative" This relies on [kubernetes.core](https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html) +## Vault out of the box configuration + +This role configures four secret paths in vault: + +1. `secret/global` - Any secret under this path is accessible in read-only only to all clusters known to ACM (hub and spokes) +2. `secret/hub` - Any secret under this path is accessible in read-only only to the ACM hub cluster +3. `secret/` - Any secret under this path is accessible in read-only only to the spoke cluster +4. `secret/pushsecrets` - Any secret here can be accessed in read and write mode to all clusters known to ACM. This area can + be used with ESO's `PushSecrets` so you can push an existing secret from one namespace, to the vault under this path and + then it can be retrieved by an `ExternalSecret` either in a different namespace *or* from an entirely different cluster. + ## Values secret file format Currently this role supports two formats: version 1.0 (which is the assumed @@ -55,49 +66,9 @@ By default, the first file that will looked up is The paths can be overridden by setting the environment variable `VALUES_SECRET` to the path of the secret file. -The values secret yaml files can be encrypted with `ansible-vault`. If the role detects they are encrypted, the password to +The values secret YAML files can be encrypted with `ansible-vault`. If the role detects they are encrypted, the password to decrypt them will be prompted when needed. -### Version 1.0 - -Here is a well-commented example of a version 1.0 file: - -```yaml ---- -# By default when a top-level 'version: 1.0' is missing it is assumed to be '1.0' -# NEVER COMMIT THESE VALUES TO GIT - -secrets: - # These secrets will be pushed in the vault at secret/hub/test The vault will - # have secret/hub/test with secret1 and secret2 as keys with their associated - # values (secrets) - test: - secret1: foo - secret2: bar - - # This ends up as the s3Secret attribute to the path secret/hub/aws - aws: - s3Secret: test-secret - -# This will create the vault key secret/hub/testfoo which will have two -# properties 'b64content' and 'content' which will be the base64-encoded -# content and the normal content respectively -files: - testfoo: ~/ca.crt -# These secrets will be pushed in the vault at secret/region1/test The vault will -# have secret/region1/test with secret1 and secret2 as keys with their associated -# values (secrets) -secrets.region1: - test: - secret1: foo1 - secret2: bar1 -# This will create the vault key secret/region2/testbar which will have two -# properties 'b64content' and 'content' which will be the base64-encoded -# content and the normal content respectively -files.region2: - testbar: ~/ca.crt -``` - ### Version 2.0 Here is a version 2.0 example file (specifying `version: 2.0` is mandatory in this case): @@ -210,6 +181,46 @@ secrets: ini_key: aws_secret_access_key ``` +### Version 1.0 + +Here is a well-commented example of a version 1.0 file: + +```yaml +--- +# By default when a top-level 'version: 1.0' is missing it is assumed to be '1.0' +# NEVER COMMIT THESE VALUES TO GIT + +secrets: + # These secrets will be pushed in the vault at secret/hub/test The vault will + # have secret/hub/test with secret1 and secret2 as keys with their associated + # values (secrets) + test: + secret1: foo + secret2: bar + + # This ends up as the s3Secret attribute to the path secret/hub/aws + aws: + s3Secret: test-secret + +# This will create the vault key secret/hub/testfoo which will have two +# properties 'b64content' and 'content' which will be the base64-encoded +# content and the normal content respectively +files: + testfoo: ~/ca.crt +# These secrets will be pushed in the vault at secret/region1/test The vault will +# have secret/region1/test with secret1 and secret2 as keys with their associated +# values (secrets) +secrets.region1: + test: + secret1: foo1 + secret2: bar1 +# This will create the vault key secret/region2/testbar which will have two +# properties 'b64content' and 'content' which will be the base64-encoded +# content and the normal content respectively +files.region2: + testbar: ~/ca.crt +``` + Internals --------- diff --git a/common/ansible/roles/vault_utils/defaults/main.yml b/common/ansible/roles/vault_utils/defaults/main.yml index 4d263223..7759db48 100644 --- a/common/ansible/roles/vault_utils/defaults/main.yml +++ b/common/ansible/roles/vault_utils/defaults/main.yml @@ -17,6 +17,8 @@ vault_spoke_capabilities: '[\\\"read\\\"]' vault_spoke_ttl: "15m" vault_global_policy: global vault_global_capabilities: '[\\\"read\\\"]' +vault_pushsecrets_policy: pushsecrets +vault_pushsecrets_capabilities: '[\\\"create\\\",\\\"read\\\",\\\"update\\\",\\\"delete\\\"]' external_secrets_ns: golang-external-secrets external_secrets_sa: golang-external-secrets external_secrets_secret: golang-external-secrets diff --git a/common/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml b/common/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml index 35327d58..8a098a7c 100644 --- a/common/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml +++ b/common/ansible/roles/vault_utils/tasks/vault_secrets_init.yaml @@ -71,6 +71,28 @@ pod: "{{ vault_pod }}" command: "vault policy write {{ vault_global_policy }}-secret /tmp/policy-{{ vault_global_policy }}.hcl" +- name: Configure VP pushsecrets policy template + kubernetes.core.k8s_exec: + namespace: "{{ vault_ns }}" + pod: "{{ vault_pod }}" + command: > + bash -e -c "echo \"path \\\"secret/data/{{ vault_pushsecrets_policy }}/*\\\" { + capabilities = {{ vault_pushsecrets_capabilities }} }\" > /tmp/policy-{{ vault_pushsecrets_policy }}.hcl" + +- name: Add metadata path to the pushsecrets policy + kubernetes.core.k8s_exec: + namespace: "{{ vault_ns }}" + pod: "{{ vault_pod }}" + command: > + bash -e -c "echo \"path \\\"secret/metadata/{{ vault_pushsecrets_policy }}/*\\\" { + capabilities = {{ vault_pushsecrets_capabilities }} }\" >> /tmp/policy-{{ vault_pushsecrets_policy }}.hcl" + +- name: Configure VP pushsecrets policy + kubernetes.core.k8s_exec: + namespace: "{{ vault_ns }}" + pod: "{{ vault_pod }}" + command: "vault policy write {{ vault_pushsecrets_policy }}-secret /tmp/policy-{{ vault_pushsecrets_policy }}.hcl" + - name: Configure policy template for hub kubernetes.core.k8s_exec: namespace: "{{ vault_ns }}" @@ -93,4 +115,4 @@ vault write auth/"{{ vault_hub }}"/role/"{{ vault_hub }}"-role bound_service_account_names="{{ external_secrets_sa }}" bound_service_account_namespaces="{{ external_secrets_ns }}" - policies="default,{{ vault_global_policy }}-secret,{{ vault_hub }}-secret" ttl="{{ vault_hub_ttl }}" + policies="default,{{ vault_global_policy }}-secret,{{ vault_pushsecrets_policy }}-secret,{{ vault_hub }}-secret" ttl="{{ vault_hub_ttl }}" diff --git a/common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml b/common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml index 060378bc..bafe490b 100644 --- a/common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml +++ b/common/ansible/roles/vault_utils/tasks/vault_spokes_init.yaml @@ -157,7 +157,7 @@ loop_control: label: "{{ item.key }}" -- name: Configure policy template +- name: Configure spoke policy template kubernetes.core.k8s_exec: namespace: "{{ vault_ns }}" pod: "{{ vault_pod }}" @@ -171,6 +171,34 @@ loop_control: label: "{{ item.key }}" +- name: Configure spoke pushsecrets policy template + kubernetes.core.k8s_exec: + namespace: "{{ vault_ns }}" + pod: "{{ vault_pod }}" + command: > + bash -e -c "echo \"path \\\"secret/data/{{ vault_pushsecrets_policy }}/*\\\" { + capabilities = {{ vault_pushsecrets_capabilities }} }\" >> /tmp/policy-{{ item.value['vault_path'] }}.hcl" + loop: "{{ clusters_info | dict2items }}" + when: + - item.value['esoToken'] is defined + - item.key != "local-cluster" + loop_control: + label: "{{ item.key }}" + +- name: Configure spoke pushsecrets metadata policy template + kubernetes.core.k8s_exec: + namespace: "{{ vault_ns }}" + pod: "{{ vault_pod }}" + command: > + bash -e -c "echo \"path \\\"secret/metadata/{{ vault_pushsecrets_policy }}/*\\\" { + capabilities = {{ vault_pushsecrets_capabilities }} }\" >> /tmp/policy-{{ item.value['vault_path'] }}.hcl" + loop: "{{ clusters_info | dict2items }}" + when: + - item.value['esoToken'] is defined + - item.key != "local-cluster" + loop_control: + label: "{{ item.key }}" + - name: Configure policy for spokes kubernetes.core.k8s_exec: namespace: "{{ vault_ns }}" @@ -191,7 +219,7 @@ vault write auth/"{{ item.value['vault_path'] }}"/role/"{{ item.value['vault_path'] }}"-role bound_service_account_names="{{ external_secrets_sa }}" bound_service_account_namespaces="{{ external_secrets_ns }}" - policies="default,{{ vault_global_policy }}-secret,{{ item.value['vault_path'] }}-secret" ttl="{{ vault_spoke_ttl }}" + policies="default,{{ vault_global_policy }}-secret,{{ vault_pushsecrets_policy }}-secret,{{ item.value['vault_path'] }}-secret" ttl="{{ vault_spoke_ttl }}" loop: "{{ clusters_info | dict2items }}" when: - item.value['esoToken'] is defined diff --git a/common/ansible/tests/unit/test_ini_file.py b/common/ansible/tests/unit/test_ini_file.py index e92280cb..6c30fdbb 100644 --- a/common/ansible/tests/unit/test_ini_file.py +++ b/common/ansible/tests/unit/test_ini_file.py @@ -29,6 +29,7 @@ class TestMyModule(unittest.TestCase): + def setUp(self): self.testdir_v2 = os.path.join(os.path.dirname(os.path.abspath(__file__)), "v2") diff --git a/common/ansible/tests/unit/test_parse_secrets.py b/common/ansible/tests/unit/test_parse_secrets.py index 0cfef1b6..2dab5716 100644 --- a/common/ansible/tests/unit/test_parse_secrets.py +++ b/common/ansible/tests/unit/test_parse_secrets.py @@ -62,6 +62,7 @@ def set_module_args(args): class BytesEncoder(json.JSONEncoder): + def default(self, o): if isinstance(o, bytes): return base64.b64encode(o).decode("ascii") @@ -113,6 +114,7 @@ def fail_json(*args, **kwargs): @mock.patch("getpass.getpass") class TestMyModule(unittest.TestCase): + def create_inifile(self): self.inifile = open("/tmp/awscredentials", "w") config = configparser.ConfigParser() diff --git a/common/ansible/tests/unit/test_vault_load_parsed_secrets.py b/common/ansible/tests/unit/test_vault_load_parsed_secrets.py index 1a449739..66ec6b69 100644 --- a/common/ansible/tests/unit/test_vault_load_parsed_secrets.py +++ b/common/ansible/tests/unit/test_vault_load_parsed_secrets.py @@ -70,6 +70,7 @@ def fail_json(*args, **kwargs): class TestMyModule(unittest.TestCase): + def setUp(self): self.mock_module_helper = patch.multiple( basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json diff --git a/common/ansible/tests/unit/test_vault_load_secrets.py b/common/ansible/tests/unit/test_vault_load_secrets.py index 12deeb3f..03d25d8c 100644 --- a/common/ansible/tests/unit/test_vault_load_secrets.py +++ b/common/ansible/tests/unit/test_vault_load_secrets.py @@ -74,6 +74,7 @@ def fail_json(*args, **kwargs): class TestMyModule(unittest.TestCase): + def setUp(self): self.mock_module_helper = patch.multiple( basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json diff --git a/common/ansible/tests/unit/test_vault_load_secrets_v2.py b/common/ansible/tests/unit/test_vault_load_secrets_v2.py index d0e5881c..7b934320 100644 --- a/common/ansible/tests/unit/test_vault_load_secrets_v2.py +++ b/common/ansible/tests/unit/test_vault_load_secrets_v2.py @@ -77,6 +77,7 @@ def fail_json(*args, **kwargs): @mock.patch("getpass.getpass") class TestMyModule(unittest.TestCase): + def create_inifile(self): self.inifile = open("/tmp/awscredentials", "w") config = configparser.ConfigParser() diff --git a/common/clustergroup/Chart.yaml b/common/clustergroup/Chart.yaml index b2d703a2..2bacbfc5 100644 --- a/common/clustergroup/Chart.yaml +++ b/common/clustergroup/Chart.yaml @@ -3,4 +3,4 @@ description: A Helm chart to create per-clustergroup ArgoCD applications and any keywords: - pattern name: clustergroup -version: 0.8.10 +version: 0.8.12 diff --git a/common/clustergroup/values.schema.json b/common/clustergroup/values.schema.json index 384f79ef..2fbe3421 100644 --- a/common/clustergroup/values.schema.json +++ b/common/clustergroup/values.schema.json @@ -81,6 +81,10 @@ "revision" ], "properties": { + "repoUpstreamURL": { + "type": "string", + "description": "Upstream URL of the pattern's git repository. When set an in-cluster gitea instance gets spawned and repoURL is ignored" + }, "repoURL": { "type": "string", "description": "URL of the pattern's git repository" @@ -93,21 +97,43 @@ }, "gitops": { "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { "channel": { "type": "string", "description": "The channel from which to install the gitops operator" + }, + "operatorSource": { + "type": "string", + "description": "The catalog source from which to install the gitops operator" + } + } + }, + "patternsOperator": { + "type": "object", + "additionalProperties": true, + "properties": { + "channel": { + "type": "string", + "description": "The channel from which to install the patterns operator" + }, + "source": { + "type": "string", + "description": "The catalog source from which to install the patterns operator" } } }, "multiSourceConfig": { "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { "enabled": { "type": "boolean", - "description": "Enable the experimental support for multi source" + "description": "Enable the experimental support for multi source for the clustergroup chart" + }, + "helmRepoUrl": { + "type": "string", + "description": "The helm repo URL for the clustergroup chart" } } }, diff --git a/common/golang-external-secrets/Chart.yaml b/common/golang-external-secrets/Chart.yaml index 0bcc381d..3b3a0133 100644 --- a/common/golang-external-secrets/Chart.yaml +++ b/common/golang-external-secrets/Chart.yaml @@ -3,9 +3,9 @@ description: A Helm chart to configure the golang-based external-secrets. keywords: - pattern name: golang-external-secrets -version: 0.1.1 +version: 0.1.2 dependencies: - name: external-secrets - version: "0.9.20" + version: "0.10.0" repository: "https://charts.external-secrets.io" #"https://external-secrets.github.io/kubernetes-external-secrets" diff --git a/common/golang-external-secrets/README.md b/common/golang-external-secrets/README.md index 4316d3a1..b6feb981 100644 --- a/common/golang-external-secrets/README.md +++ b/common/golang-external-secrets/README.md @@ -11,7 +11,7 @@ we just override the tag with the version + "-ubi" 3. Run `./update-helm-dependency.sh` 4. Tweak `values.yaml` with the new image versions 5. Run `make test` -6. Commit to git +6. Commit to Git ## PRs diff --git a/common/golang-external-secrets/charts/external-secrets-0.10.0.tgz b/common/golang-external-secrets/charts/external-secrets-0.10.0.tgz new file mode 100644 index 00000000..28d7b4a5 Binary files /dev/null and b/common/golang-external-secrets/charts/external-secrets-0.10.0.tgz differ diff --git a/common/golang-external-secrets/charts/external-secrets-0.9.20.tgz b/common/golang-external-secrets/charts/external-secrets-0.9.20.tgz deleted file mode 100644 index f73d3475..00000000 Binary files a/common/golang-external-secrets/charts/external-secrets-0.9.20.tgz and /dev/null differ diff --git a/common/golang-external-secrets/values.yaml b/common/golang-external-secrets/values.yaml index 5ccc6266..62a6673b 100644 --- a/common/golang-external-secrets/values.yaml +++ b/common/golang-external-secrets/values.yaml @@ -37,10 +37,10 @@ clusterGroup: external-secrets: image: - tag: v0.9.20-ubi + tag: v0.10.0-ubi webhook: image: - tag: v0.9.20-ubi + tag: v0.10.0-ubi certController: image: - tag: v0.9.20-ubi + tag: v0.10.0-ubi diff --git a/common/hashicorp-vault/Chart.yaml b/common/hashicorp-vault/Chart.yaml index 87d3470d..09d48391 100644 --- a/common/hashicorp-vault/Chart.yaml +++ b/common/hashicorp-vault/Chart.yaml @@ -3,7 +3,7 @@ description: A Helm chart to configure Hashicorp's vault. keywords: - pattern name: hashicorp-vault -version: 0.1.1 +version: 0.1.2 dependencies: - name: vault version: "0.28.1" diff --git a/common/hashicorp-vault/values.yaml b/common/hashicorp-vault/values.yaml index 6029a2f0..3b16a951 100644 --- a/common/hashicorp-vault/values.yaml +++ b/common/hashicorp-vault/values.yaml @@ -48,4 +48,4 @@ vault: termination: "reencrypt" image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.17.2-ubi" + tag: "1.17.3-ubi" diff --git a/common/letsencrypt/Chart.yaml b/common/letsencrypt/Chart.yaml index 899c790e..d8a9810f 100644 --- a/common/letsencrypt/Chart.yaml +++ b/common/letsencrypt/Chart.yaml @@ -7,7 +7,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/common/operator-install/templates/pattern.yaml b/common/operator-install/templates/pattern.yaml index 728726f0..3eda9482 100644 --- a/common/operator-install/templates/pattern.yaml +++ b/common/operator-install/templates/pattern.yaml @@ -6,6 +6,9 @@ metadata: spec: clusterGroupName: {{ .Values.main.clusterGroupName }} gitSpec: +{{- if .Values.main.git.repoUpstreamURL }} + originRepo: {{ .Values.main.git.repoUpstreamURL }} +{{- end }} {{/* if .Values.main.git.repoUpstreamURL */}} targetRepo: {{ .Values.main.git.repoURL }} targetRevision: {{ .Values.main.git.revision }} {{- if and .Values.main.tokenSecret .Values.main.tokenSecretNamespace }} @@ -14,6 +17,9 @@ spec: {{- end }} {{/* if and .Values.main.tokenSecret .Values.main.tokenSecretNamespace */}} multiSourceConfig: enabled: {{ .Values.main.multiSourceConfig.enabled }} +{{- if .Values.main.multiSourceConfig.helmRepoUrl }} + helmRepoUrl: {{ .Values.main.multiSourceConfig.helmRepoUrl }} +{{- end }} {{/* if .Values.main.multiSourceConfig.helmRepoUrl */}} {{- if .Values.main.analyticsUUID }} analyticsUUID: {{ .Values.main.analyticsUUID }} {{- end }} {{/* if .Values.main.analyticsUUID */}} diff --git a/common/operator-install/values.yaml b/common/operator-install/values.yaml index a46cca2e..62c9943a 100644 --- a/common/operator-install/values.yaml +++ b/common/operator-install/values.yaml @@ -3,15 +3,21 @@ global: main: git: + # Uncommenting this will set the `originRepo` with the below value + # when `originRepo` is set, an in-cluster gitea will automatically be spawned. + # In this case `originRepo` will point to the upstream repository and `targetRepo` + # will point to the internal in-cluster gitea mirror + # repoUpstreamURL: https://github.com/validatedpatterns/multicloud-gitops repoURL: https://github.com/pattern-clone/mypattern revision: main gitops: - channel: "gitops-1.12" + channel: "gitops-1.13" operatorSource: redhat-operators multiSourceConfig: enabled: false + # helmRepoUrl: registry.internal.network/helm # String to enable certain experimental capabilities in the operator and the # framework. Not needed unless you know exactly what you're doing. diff --git a/common/reference-output.yaml b/common/reference-output.yaml index 54f4052a..1eef9745 100644 --- a/common/reference-output.yaml +++ b/common/reference-output.yaml @@ -112,7 +112,7 @@ metadata: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: "" spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/scripts/pattern-util.sh b/common/scripts/pattern-util.sh index 508e1531..8fa4a26f 100755 --- a/common/scripts/pattern-util.sh +++ b/common/scripts/pattern-util.sh @@ -38,7 +38,8 @@ else MYNAME=$(id -n -u) MYUID=$(id -u) MYGID=$(id -g) - PODMAN_ARGS="--passwd-entry ${MYNAME}:x:${MYUID}:${MYGID}:/pattern-home:/bin/bash --user ${MYUID}:${MYGID} --userns keep-id:uid=${MYUID},gid=${MYGID}" + PODMAN_ARGS="--passwd-entry ${MYNAME}:x:${MYUID}:${MYGID}::/pattern-home:/bin/bash --user ${MYUID}:${MYGID} --userns keep-id:uid=${MYUID},gid=${MYGID}" + fi if [ -n "$KUBECONFIG" ]; then @@ -73,7 +74,14 @@ podman run -it --rm --pull=newer \ --security-opt label=disable \ -e EXTRA_HELM_OPTS \ -e EXTRA_PLAYBOOK_OPTS \ + -e VALUES_SECRET \ -e KUBECONFIG \ + -e K8S_AUTH_HOST \ + -e K8S_AUTH_VERIFY_SSL \ + -e K8S_AUTH_SSL_CA_CERT \ + -e K8S_AUTH_USERNAME \ + -e K8S_AUTH_PASSWORD \ + -e K8S_AUTH_TOKEN \ ${PKI_HOST_MOUNT_ARGS} \ -v "${HOME}":"${HOME}" \ -v "${HOME}":/pattern-home \ diff --git a/common/tests/acm-industrial-edge-factory.expected.yaml b/common/tests/acm-industrial-edge-factory.expected.yaml index 39238f91..94c8254f 100644 --- a/common/tests/acm-industrial-edge-factory.expected.yaml +++ b/common/tests/acm-industrial-edge-factory.expected.yaml @@ -139,7 +139,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/tests/acm-industrial-edge-hub.expected.yaml b/common/tests/acm-industrial-edge-hub.expected.yaml index 8b18a4da..00cf4e4d 100644 --- a/common/tests/acm-industrial-edge-hub.expected.yaml +++ b/common/tests/acm-industrial-edge-hub.expected.yaml @@ -509,7 +509,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/tests/acm-medical-diagnosis-hub.expected.yaml b/common/tests/acm-medical-diagnosis-hub.expected.yaml index dffb9eb6..5fea58d0 100644 --- a/common/tests/acm-medical-diagnosis-hub.expected.yaml +++ b/common/tests/acm-medical-diagnosis-hub.expected.yaml @@ -500,7 +500,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/tests/acm-naked.expected.yaml b/common/tests/acm-naked.expected.yaml index 39238f91..94c8254f 100644 --- a/common/tests/acm-naked.expected.yaml +++ b/common/tests/acm-naked.expected.yaml @@ -139,7 +139,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/tests/acm-normal.expected.yaml b/common/tests/acm-normal.expected.yaml index 1e2b1573..6823a01b 100644 --- a/common/tests/acm-normal.expected.yaml +++ b/common/tests/acm-normal.expected.yaml @@ -1670,7 +1670,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml index c62b1c45..fea780d3 100644 --- a/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml +++ b/common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml index 9992bde2..341ae7e2 100644 --- a/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml +++ b/common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml index 9992bde2..341ae7e2 100644 --- a/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml +++ b/common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/common/tests/golang-external-secrets-naked.expected.yaml b/common/tests/golang-external-secrets-naked.expected.yaml index 375e4494..72ffed42 100644 --- a/common/tests/golang-external-secrets-naked.expected.yaml +++ b/common/tests/golang-external-secrets-naked.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/common/tests/golang-external-secrets-normal.expected.yaml b/common/tests/golang-external-secrets-normal.expected.yaml index 9992bde2..341ae7e2 100644 --- a/common/tests/golang-external-secrets-normal.expected.yaml +++ b/common/tests/golang-external-secrets-normal.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/common/tests/hashicorp-vault-industrial-edge-factory.expected.yaml b/common/tests/hashicorp-vault-industrial-edge-factory.expected.yaml index a17a6974..fb8f1c8e 100644 --- a/common/tests/hashicorp-vault-industrial-edge-factory.expected.yaml +++ b/common/tests/hashicorp-vault-industrial-edge-factory.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/common/tests/hashicorp-vault-industrial-edge-hub.expected.yaml b/common/tests/hashicorp-vault-industrial-edge-hub.expected.yaml index a17a6974..fb8f1c8e 100644 --- a/common/tests/hashicorp-vault-industrial-edge-hub.expected.yaml +++ b/common/tests/hashicorp-vault-industrial-edge-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/common/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml b/common/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml index a17a6974..fb8f1c8e 100644 --- a/common/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml +++ b/common/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/common/tests/hashicorp-vault-naked.expected.yaml b/common/tests/hashicorp-vault-naked.expected.yaml index c3950b6d..49ea96cb 100644 --- a/common/tests/hashicorp-vault-naked.expected.yaml +++ b/common/tests/hashicorp-vault-naked.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/common/tests/hashicorp-vault-normal.expected.yaml b/common/tests/hashicorp-vault-normal.expected.yaml index a17a6974..fb8f1c8e 100644 --- a/common/tests/hashicorp-vault-normal.expected.yaml +++ b/common/tests/hashicorp-vault-normal.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/common/tests/operator-install-industrial-edge-factory.expected.yaml b/common/tests/operator-install-industrial-edge-factory.expected.yaml index 5e4aa02e..2bb7854e 100644 --- a/common/tests/operator-install-industrial-edge-factory.expected.yaml +++ b/common/tests/operator-install-industrial-edge-factory.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: example - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/common/tests/operator-install-industrial-edge-hub.expected.yaml b/common/tests/operator-install-industrial-edge-hub.expected.yaml index 5e4aa02e..2bb7854e 100644 --- a/common/tests/operator-install-industrial-edge-hub.expected.yaml +++ b/common/tests/operator-install-industrial-edge-hub.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: example - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/common/tests/operator-install-medical-diagnosis-hub.expected.yaml b/common/tests/operator-install-medical-diagnosis-hub.expected.yaml index 5e4aa02e..2bb7854e 100644 --- a/common/tests/operator-install-medical-diagnosis-hub.expected.yaml +++ b/common/tests/operator-install-medical-diagnosis-hub.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: example - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/common/tests/operator-install-naked.expected.yaml b/common/tests/operator-install-naked.expected.yaml index 3d58b474..d5f75c80 100644 --- a/common/tests/operator-install-naked.expected.yaml +++ b/common/tests/operator-install-naked.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: default - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/common/tests/operator-install-normal.expected.yaml b/common/tests/operator-install-normal.expected.yaml index 5e4aa02e..2bb7854e 100644 --- a/common/tests/operator-install-normal.expected.yaml +++ b/common/tests/operator-install-normal.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: example - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/tests/common-acm-industrial-edge-factory.expected.yaml b/tests/common-acm-industrial-edge-factory.expected.yaml index 39238f91..94c8254f 100644 --- a/tests/common-acm-industrial-edge-factory.expected.yaml +++ b/tests/common-acm-industrial-edge-factory.expected.yaml @@ -139,7 +139,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/tests/common-acm-industrial-edge-hub.expected.yaml b/tests/common-acm-industrial-edge-hub.expected.yaml index 8b18a4da..00cf4e4d 100644 --- a/tests/common-acm-industrial-edge-hub.expected.yaml +++ b/tests/common-acm-industrial-edge-hub.expected.yaml @@ -509,7 +509,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/tests/common-acm-medical-diagnosis-hub.expected.yaml b/tests/common-acm-medical-diagnosis-hub.expected.yaml index dffb9eb6..5fea58d0 100644 --- a/tests/common-acm-medical-diagnosis-hub.expected.yaml +++ b/tests/common-acm-medical-diagnosis-hub.expected.yaml @@ -500,7 +500,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/tests/common-acm-naked.expected.yaml b/tests/common-acm-naked.expected.yaml index 39238f91..94c8254f 100644 --- a/tests/common-acm-naked.expected.yaml +++ b/tests/common-acm-naked.expected.yaml @@ -139,7 +139,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/tests/common-acm-normal.expected.yaml b/tests/common-acm-normal.expected.yaml index 1e2b1573..6823a01b 100644 --- a/tests/common-acm-normal.expected.yaml +++ b/tests/common-acm-normal.expected.yaml @@ -1670,7 +1670,7 @@ spec: labels: operators.coreos.com/openshift-gitops-operator.openshift-operators: '' spec: - channel: gitops-1.12 + channel: gitops-1.13 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators diff --git a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml index 66b23292..19c1f8c0 100644 --- a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml index b7c2ad96..056054ba 100644 --- a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml index b7c2ad96..056054ba 100644 --- a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml +++ b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-naked.expected.yaml b/tests/common-golang-external-secrets-naked.expected.yaml index b6a836e9..3d12586b 100644 --- a/tests/common-golang-external-secrets-naked.expected.yaml +++ b/tests/common-golang-external-secrets-naked.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-normal.expected.yaml b/tests/common-golang-external-secrets-normal.expected.yaml index b7c2ad96..056054ba 100644 --- a/tests/common-golang-external-secrets-normal.expected.yaml +++ b/tests/common-golang-external-secrets-normal.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -2877,6 +2877,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -4299,7 +4302,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -4385,6 +4388,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4949,6 +5015,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -9024,6 +9095,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -10446,7 +10520,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -10532,6 +10606,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -11096,6 +11233,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12014,6 +12156,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12286,10 +12433,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12353,10 +12500,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12465,10 +12612,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -12507,10 +12654,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -12553,10 +12700,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12574,10 +12721,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12594,10 +12741,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12630,10 +12777,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -12669,10 +12816,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -12690,10 +12837,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -12714,10 +12861,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12729,10 +12876,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -12747,7 +12894,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - certcontroller @@ -12779,10 +12926,10 @@ metadata: name: common-golang-external-secrets namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12794,10 +12941,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets @@ -12812,7 +12959,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -12832,10 +12979,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: default labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -12847,10 +12994,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.20" + app.kubernetes.io/version: "v0.10.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -12865,7 +13012,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: ghcr.io/external-secrets/external-secrets:v0.9.20-ubi + image: ghcr.io/external-secrets/external-secrets:v0.10.0-ubi imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml b/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml index 19cef108..14e5c956 100644 --- a/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml +++ b/tests/common-hashicorp-vault-industrial-edge-factory.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml b/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml index 19cef108..14e5c956 100644 --- a/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml +++ b/tests/common-hashicorp-vault-industrial-edge-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml b/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml index 19cef108..14e5c956 100644 --- a/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml +++ b/tests/common-hashicorp-vault-medical-diagnosis-hub.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-naked.expected.yaml b/tests/common-hashicorp-vault-naked.expected.yaml index 1a62b9c0..8003384e 100644 --- a/tests/common-hashicorp-vault-naked.expected.yaml +++ b/tests/common-hashicorp-vault-naked.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-hashicorp-vault-normal.expected.yaml b/tests/common-hashicorp-vault-normal.expected.yaml index 19cef108..14e5c956 100644 --- a/tests/common-hashicorp-vault-normal.expected.yaml +++ b/tests/common-hashicorp-vault-normal.expected.yaml @@ -206,7 +206,7 @@ spec: containers: - name: vault - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -375,7 +375,7 @@ spec: containers: - name: common-hashicorp-vault-server-test - image: registry.connect.redhat.com/hashicorp/vault:1.17.2-ubi + image: registry.connect.redhat.com/hashicorp/vault:1.17.3-ubi imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/tests/common-operator-install-industrial-edge-factory.expected.yaml b/tests/common-operator-install-industrial-edge-factory.expected.yaml index 755b244f..bcedc405 100644 --- a/tests/common-operator-install-industrial-edge-factory.expected.yaml +++ b/tests/common-operator-install-industrial-edge-factory.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: hub - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/tests/common-operator-install-industrial-edge-hub.expected.yaml b/tests/common-operator-install-industrial-edge-hub.expected.yaml index 755b244f..bcedc405 100644 --- a/tests/common-operator-install-industrial-edge-hub.expected.yaml +++ b/tests/common-operator-install-industrial-edge-hub.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: hub - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/tests/common-operator-install-medical-diagnosis-hub.expected.yaml b/tests/common-operator-install-medical-diagnosis-hub.expected.yaml index 755b244f..bcedc405 100644 --- a/tests/common-operator-install-medical-diagnosis-hub.expected.yaml +++ b/tests/common-operator-install-medical-diagnosis-hub.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: hub - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/tests/common-operator-install-naked.expected.yaml b/tests/common-operator-install-naked.expected.yaml index 937fb6a2..7466acc4 100644 --- a/tests/common-operator-install-naked.expected.yaml +++ b/tests/common-operator-install-naked.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: default - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: diff --git a/tests/common-operator-install-normal.expected.yaml b/tests/common-operator-install-normal.expected.yaml index 755b244f..bcedc405 100644 --- a/tests/common-operator-install-normal.expected.yaml +++ b/tests/common-operator-install-normal.expected.yaml @@ -7,7 +7,7 @@ metadata: namespace: openshift-operators data: gitops.catalogSource: redhat-operators - gitops.channel: gitops-1.12 + gitops.channel: gitops-1.13 # gitops.sourceNamespace: GitOpsDefaultCatalogSourceNamespace # gitops.installApprovalPlan: GitOpsDefaultApprovalPlan @@ -22,7 +22,7 @@ metadata: namespace: openshift-operators spec: clusterGroupName: hub - gitSpec: + gitSpec: targetRepo: https://github.com/pattern-clone/mypattern targetRevision: main multiSourceConfig: