resolving merge conflicts

common/tests/golang-external-secrets-industrial-edge-factory.expected.yaml

@@ -8140,6 +8140,25 @@ rules:
  - "update"
  - "patch"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: view-pods
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8161,6 +8180,25 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: view-pods-rb
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: view-pods
+ apiGroup: rbac.authorization.k8s.io
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service

common/tests/golang-external-secrets-industrial-edge-hub.expected.yaml

@@ -8140,6 +8140,25 @@ rules:
  - "update"
  - "patch"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: view-pods
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8161,6 +8180,25 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: view-pods-rb
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: view-pods
+ apiGroup: rbac.authorization.k8s.io
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8358,6 +8396,32 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ name: job-wait-for-vault
+ # By placing the job in the vault namespace we can avoid dealing with RBACs
+ namespace: vault
+spec:
+ template:
+ spec:
+ containers:
+ - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
+ name: wait-for-healthy-vault
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ serviceAccount: vault
+ serviceAccountName: vault
+ terminationGracePeriodSeconds: 60
+---
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore

common/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml

@@ -8140,6 +8140,25 @@ rules:
  - "update"
  - "patch"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: view-pods
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8161,6 +8180,25 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: view-pods-rb
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: view-pods
+ apiGroup: rbac.authorization.k8s.io
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8358,6 +8396,32 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ name: job-wait-for-vault
+ # By placing the job in the vault namespace we can avoid dealing with RBACs
+ namespace: vault
+spec:
+ template:
+ spec:
+ containers:
+ - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
+ name: wait-for-healthy-vault
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ serviceAccount: vault
+ serviceAccountName: vault
+ terminationGracePeriodSeconds: 60
+---
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore

common/tests/golang-external-secrets-naked.expected.yaml

@@ -8140,6 +8140,25 @@ rules:
  - "update"
  - "patch"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: view-pods
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8161,6 +8180,25 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: view-pods-rb
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: view-pods
+ apiGroup: rbac.authorization.k8s.io
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8358,6 +8396,32 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ name: job-wait-for-vault
+ # By placing the job in the vault namespace we can avoid dealing with RBACs
+ namespace: vault
+spec:
+ template:
+ spec:
+ containers:
+ - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
+ name: wait-for-healthy-vault
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ serviceAccount: vault
+ serviceAccountName: vault
+ terminationGracePeriodSeconds: 60
+---
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore

common/tests/golang-external-secrets-normal.expected.yaml

@@ -8140,6 +8140,25 @@ rules:
  - "update"
  - "patch"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: view-pods
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -8161,6 +8180,25 @@ subjects:
  name: golang-external-secrets
  namespace: "default"
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-vault-rbac-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: view-pods-rb
+ namespace: vault
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ argocd.argoproj.io/sync-wave: "-15"
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: view-pods
+ apiGroup: rbac.authorization.k8s.io
+---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
@@ -8358,6 +8396,32 @@ spec:
  secret:
  secretName: golang-external-secrets-webhook
 ---
+# Source: golang-external-secrets/templates/golang-external-secrets-hub-presync.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ argocd.argoproj.io/hook: PreSync
+ name: job-wait-for-vault
+ # By placing the job in the vault namespace we can avoid dealing with RBACs
+ namespace: vault
+spec:
+ template:
+ spec:
+ containers:
+ - image: image-registry.openshift-image-registry.svc:5000/openshift/cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ oc wait --for=condition=Ready=true pods -n vault vault-0 --timeout=900s
+ name: wait-for-healthy-vault
+ dnsPolicy: ClusterFirst
+ restartPolicy: Never
+ serviceAccount: vault
+ serviceAccountName: vault
+ terminationGracePeriodSeconds: 60
+---
 # Source: golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore